Wednesday, February 7, 2024

[SOLVED] Unable to reach Google Compute over port 9000

Issue

I have a Google Compute instance running CentOS 7, and I wrote up a quick test to try and communicate with it over port 9000 (from my home PC) - but I'm unexpectedly getting network errors.

This happens both with my test script (which attempts to send a payload) and even with plink.exe (which I'm just using to check the port availability).

>plink.exe -v -raw -P 9000 <external_IP>
Connecting to <external_IP> port 9000
Failed to connect to <external_IP>: Network error: Connection refused
Network error: Connection refused
FATAL ERROR: Network error: Connection refused
Redirecting to /bin/systemctl start firewalld.service
[foo@bar ~]$ sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent
success
[foo@bar ~]$ sudo firewall-cmd --reload
success
  • I've confirmed my listener is running on port 9000
[foo@bar ~]$ netstat -npae | grep 9000
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      1000       18381      1201/python3
  • By default, CentOS 7 doesn't use iptables (just to be sure, I confirmed it wasn't running)

Am I missing something?

NOTE: Actual external IP replaced with <external_IP> placeholder

Update: If I nmap my listener over port 9000 from the CentOS 7 compute instance over a local IP, like 127.0.0.1, I get some results. Interestingly, if I make the same nmap call over the server's external IP -- nada. So this has to be a firewall, right?

external call

[foo@bar~]$ nmap <external_IP> -Pn

Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 00:33 UTC
Nmap scan report for <external_IP>.bc.googleusercontent.com (<external_IP>)
Host is up (0.00043s latency).
Not shown: 998 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
3389/tcp closed ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 4.87 seconds

Internal Call

[foo@bar~]$ nmap 127.0.0.1 -Pn

Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 04:36 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.010s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
9000/tcp open  cslistener

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

Solution

In this case the software running on the backend VM must be listening on any IP (0.0.0.0 or ::); yours is listening on "127.0.0.1:9000" and it should be "0.0.0.0:9000".

The way to fix that is to change the service config to listen on 0.0.0.0 instead of 127.0.0.1.

Cheers.



Answered By - Ciprian Atomulesei
Answer Checked By - Marilyn (WPSolving Volunteer)
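
Added example (not part of the original question or answer): a small Python check that reads `netstat -npae` output and reports whether the listener on a port is bound to loopback only, which is why "Connection refused" persisted after the firewalld rule was added. The first sample line is the one from the question; the other sample lines and all function names are constructed for illustration.

```python
import ipaddress

# First line is the listener shown in the question; the rest are constructed samples.
SAMPLE_NETSTAT = """\
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      1000       18381      1201/python3
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          15012      987/sshd
tcp6       0      0 :::8080                 :::*                    LISTEN      1000       19001      1300/java
tcp        0      0 10.128.0.2:5432         0.0.0.0:*               LISTEN      26         17544      1100/postgres
"""


def bind_scope(local_address):
    """Classify a netstat 'Local Address' field as (scope, port)."""
    # rpartition splits on the last colon, so ':::8080' yields host '::'.
    host, _, port = local_address.rpartition(":")
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:          # 0.0.0.0 or :: -> every interface
        scope = "all-interfaces"
    elif ip.is_loopback:           # 127.0.0.0/8 or ::1 -> local connections only
        scope = "loopback-only"
    else:                          # bound to one specific interface address
        scope = "single-address"
    return scope, int(port)


def audit_listeners(netstat_output, port):
    """Return [(local_address, scope, process)] for TCP LISTEN sockets on `port`."""
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Columns: Proto Recv-Q Send-Q Local Foreign State User Inode PID/Program
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        scope, listen_port = bind_scope(fields[3])
        if listen_port == port:
            findings.append((fields[3], scope, fields[-1]))
    return findings


def accepts_remote_connections(netstat_output, port):
    """True only if some listener on `port` is bound to a non-loopback address."""
    return any(scope != "loopback-only"
               for _, scope, _ in audit_listeners(netstat_output, port))


if __name__ == "__main__":
    for addr, scope, proc in audit_listeners(SAMPLE_NETSTAT, 9000):
        print(f"{addr:<20} {scope:<15} {proc}")
```

Once a service is rebound to 0.0.0.0 it accepts connections on every interface of the VM, so the firewall rules become the only thing limiting who can reach it. Binding to a single internal address instead keeps the exposure narrower when only one network needs access.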