我已经在 Linux VM 实例上部署了一个应用程序服务器。应用程序正在成功运行并监听端口 3465。我通过添加防火墙规则打开了端口 3465,但仍然无法从监听端口上的本地 Windows 计算机连接应用程序。
我使用以下 IP 端口从本地机器连接虚拟机实例应用程序,
IP地址:VM 实例的外部 IP
港口:3465
1)我已添加防火墙规则以打开端口
elon_musk@archway-146712:~$ gcloud compute firewall-rules list
NAME NETWORK DIRECTION PRIORITY ALLOW DENY
<firewall-rule> default INGRESS 1000 tcp:3465
2)我尝试添加转发规则,但没有成功
elon_musk@archway-146712:~$ gcloud compute target-instances list
NAME ZONE INSTANCE NAT_POLICY
<ti-name> asia-south1-a <instance-name> NO_NAT
elon_musk@archway-146712:~$ gcloud compute forwarding-rules list
NAME REGION IP_ADDRESS IP_PROTOCOL TARGET
<fr-name> asia-south1 xx.xxx.148.135 TCP asia-south1-a/targetInstances/<ti-name>
注意:当我创建转发规则时,系统自动使用除 VM 实例的外部 IP 之外的 IP 地址。所以问题又来了,我应该使用转发规则的 IP 地址还是 VM 实例的外部 IP?
以下是 Linux VM 实例 iptables 配置
elon_musk@archway-146712:~$ sudo iptables -t filter -L -v
Chain INPUT (policy ACCEPT 2609 packets, 376K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION all -- any any anywhere anywhere
0 0 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- any docker0 anywhere anywhere
0 0 ACCEPT all -- docker0 !docker0 anywhere anywhere
0 0 ACCEPT all -- docker0 docker0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 2433 packets, 237K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere