How to connect to external proxy on port 3459 from GCP VM Instance?












0















I have a proxy server which accepts connections on port 3459. When I am trying to connect to it from my local computer, I am able to connect. To test I ran this command in terminal:



curl --proxy http://proxy_url:3459 --proxy-user user:password -L icanhazip.com



When I tried to run the same in a GCP Compute Engine VM instance which lies in a non-default VPC (named testing-vpc), I'm unable to connect to the proxy.
I have created a firewall rule to open port 3459 by following command:



gcloud compute firewall-rules create proxy-allow-egress-port3459 

  --network testing-vpc 

  --action allow 

  --direction egress 

  --rules tcp:3459 

  --destination-ranges 0.0.0.0/0 

  --priority 10 

  --target-tags testing-proxy


and attached the tag testing-proxy in my instance. Still, its not working. Please let me know what am I missing here.






networking google-cloud-platform google-compute-engine firewall







share|improve this question























  • - Every VPC network has two implied firewall rules which permit outgoing connections and block incoming connections (However, GCP firewall rules are stateful, it allows bidirectional communication once a session is established). Creating a firewall rule to allow outgoing traffic isn’t required unless outbound access is restricted by a higher priority firewall rule.

    – Sunny J.
    Jan 14 at 1:12











  • Just to ensure that the configuration were correctly done, could check the following: - Have you already checked if traffic from the VM Instance is allowed on the external proxy server on port 3459? - Is the VM instance able to send traffic to any other external hosts on the Internet? Also is it possible to share a basic diagram showing the expected network path from the VM instance to the proxy server (showing the NAT gateway instance and any other components in between the source and destination)

    – Sunny J.
    Jan 14 at 1:18
















0















I have a proxy server which accepts connections on port 3459. When I am trying to connect to it from my local computer, I am able to connect. To test I ran this command in terminal:



curl --proxy http://proxy_url:3459 --proxy-user user:password -L icanhazip.com



When I tried to run the same in a GCP Compute Engine VM instance which lies in a non-default VPC (named testing-vpc), I'm unable to connect to the proxy.
I have created a firewall rule to open port 3459 by following command:



gcloud compute firewall-rules create proxy-allow-egress-port3459 

  --network testing-vpc 

  --action allow 

  --direction egress 

  --rules tcp:3459 

  --destination-ranges 0.0.0.0/0 

  --priority 10 

  --target-tags testing-proxy


and attached the tag testing-proxy in my instance. Still, its not working. Please let me know what am I missing here.






networking google-cloud-platform google-compute-engine firewall







share|improve this question























  • - Every VPC network has two implied firewall rules which permit outgoing connections and block incoming connections (However, GCP firewall rules are stateful, it allows bidirectional communication once a session is established). Creating a firewall rule to allow outgoing traffic isn’t required unless outbound access is restricted by a higher priority firewall rule.

    – Sunny J.
    Jan 14 at 1:12











  • Just to ensure that the configuration were correctly done, could check the following: - Have you already checked if traffic from the VM Instance is allowed on the external proxy server on port 3459? - Is the VM instance able to send traffic to any other external hosts on the Internet? Also is it possible to share a basic diagram showing the expected network path from the VM instance to the proxy server (showing the NAT gateway instance and any other components in between the source and destination)

    – Sunny J.
    Jan 14 at 1:18














0












0








0








I have a proxy server which accepts connections on port 3459. When I am trying to connect to it from my local computer, I am able to connect. To test I ran this command in terminal:



curl --proxy http://proxy_url:3459 --proxy-user user:password -L icanhazip.com



When I tried to run the same in a GCP Compute Engine VM instance which lies in a non-default VPC (named testing-vpc), I'm unable to connect to the proxy.
I have created a firewall rule to open port 3459 by following command:



gcloud compute firewall-rules create proxy-allow-egress-port3459 

  --network testing-vpc 

  --action allow 

  --direction egress 

  --rules tcp:3459 

  --destination-ranges 0.0.0.0/0 

  --priority 10 

  --target-tags testing-proxy


and attached the tag testing-proxy in my instance. Still, its not working. Please let me know what am I missing here.






networking google-cloud-platform google-compute-engine firewall







share|improve this question














I have a proxy server which accepts connections on port 3459. When I am trying to connect to it from my local computer, I am able to connect. To test I ran this command in terminal:



curl --proxy http://proxy_url:3459 --proxy-user user:password -L icanhazip.com



When I tried to run the same in a GCP Compute Engine VM instance which lies in a non-default VPC (named testing-vpc), I'm unable to connect to the proxy.
I have created a firewall rule to open port 3459 by following command:



gcloud compute firewall-rules create proxy-allow-egress-port3459 

  --network testing-vpc 

  --action allow 

  --direction egress 

  --rules tcp:3459 

  --destination-ranges 0.0.0.0/0 

  --priority 10 

  --target-tags testing-proxy


and attached the tag testing-proxy in my instance. Still, its not working. Please let me know what am I missing here.






networking google-cloud-platform google-compute-engine firewall




networking google-cloud-platform google-compute-engine firewall






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 2 at 8:15









amulya349amulya349

693920




693920













  • - Every VPC network has two implied firewall rules which permit outgoing connections and block incoming connections (However, GCP firewall rules are stateful, it allows bidirectional communication once a session is established). Creating a firewall rule to allow outgoing traffic isn’t required unless outbound access is restricted by a higher priority firewall rule.

    – Sunny J.
    Jan 14 at 1:12











  • Just to ensure that the configuration were correctly done, could check the following: - Have you already checked if traffic from the VM Instance is allowed on the external proxy server on port 3459? - Is the VM instance able to send traffic to any other external hosts on the Internet? Also is it possible to share a basic diagram showing the expected network path from the VM instance to the proxy server (showing the NAT gateway instance and any other components in between the source and destination)

    – Sunny J.
    Jan 14 at 1:18



















  • - Every VPC network has two implied firewall rules which permit outgoing connections and block incoming connections (However, GCP firewall rules are stateful, it allows bidirectional communication once a session is established). Creating a firewall rule to allow outgoing traffic isn’t required unless outbound access is restricted by a higher priority firewall rule.

    – Sunny J.
    Jan 14 at 1:12











  • Just to ensure that the configuration were correctly done, could check the following: - Have you already checked if traffic from the VM Instance is allowed on the external proxy server on port 3459? - Is the VM instance able to send traffic to any other external hosts on the Internet? Also is it possible to share a basic diagram showing the expected network path from the VM instance to the proxy server (showing the NAT gateway instance and any other components in between the source and destination)

    – Sunny J.
    Jan 14 at 1:18

















- Every VPC network has two implied firewall rules which permit outgoing connections and block incoming connections (However, GCP firewall rules are stateful, it allows bidirectional communication once a session is established). Creating a firewall rule to allow outgoing traffic isn’t required unless outbound access is restricted by a higher priority firewall rule.

– Sunny J.
Jan 14 at 1:12





- Every VPC network has two implied firewall rules which permit outgoing connections and block incoming connections (However, GCP firewall rules are stateful, it allows bidirectional communication once a session is established). Creating a firewall rule to allow outgoing traffic isn’t required unless outbound access is restricted by a higher priority firewall rule.

– Sunny J.
Jan 14 at 1:12













Just to ensure that the configuration were correctly done, could check the following: - Have you already checked if traffic from the VM Instance is allowed on the external proxy server on port 3459? - Is the VM instance able to send traffic to any other external hosts on the Internet? Also is it possible to share a basic diagram showing the expected network path from the VM instance to the proxy server (showing the NAT gateway instance and any other components in between the source and destination)

– Sunny J.
Jan 14 at 1:18





Just to ensure that the configuration were correctly done, could check the following: - Have you already checked if traffic from the VM Instance is allowed on the external proxy server on port 3459? - Is the VM instance able to send traffic to any other external hosts on the Internet? Also is it possible to share a basic diagram showing the expected network path from the VM instance to the proxy server (showing the NAT gateway instance and any other components in between the source and destination)

– Sunny J.
Jan 14 at 1:18












1 Answer
1






active

oldest

votes


















1














You are creating an egress (--direction egress) rule, whereas you need an ingress rule to permit connections inbound destined to the GCE instance.






share|improve this answer
























  • opening Ingress port too didn't work

    – amulya349
    Jan 4 at 16:28











  • What is the network connectivity between GCP and the external proxy? Is it accessible over the Internet or through VPN/Interconnect?

    – Zach Seils
    Jan 4 at 20:44











  • It is accessible over the internet as a normal HTTPS proxy. I am using squid proxy server. I am able to use it on my local computer.

    – amulya349
    Jan 7 at 6:20











  • Does your GCP have an external IP address assigned or is using Cloud NAT?

    – Zach Seils
    Jan 7 at 14:14






  • 1





    The default VPC firewall allows all egress traffic, so you shouldn't need a rule unless you've modified the default behavior. Did you make any changes to the default (0/0) route in the VPC? Can you connect to other destinations on the Internet from the same instance(s)?

    – Zach Seils
    Jan 9 at 21:59













Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54003159%2fhow-to-connect-to-external-proxy-on-port-3459-from-gcp-vm-instance%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














You are creating an egress (--direction egress) rule, whereas you need an ingress rule to permit connections inbound destined to the GCE instance.






share|improve this answer
























  • opening Ingress port too didn't work

    – amulya349
    Jan 4 at 16:28











  • What is the network connectivity between GCP and the external proxy? Is it accessible over the Internet or through VPN/Interconnect?

    – Zach Seils
    Jan 4 at 20:44











  • It is accessible over the internet as a normal HTTPS proxy. I am using squid proxy server. I am able to use it on my local computer.

    – amulya349
    Jan 7 at 6:20











  • Does your GCP have an external IP address assigned or is using Cloud NAT?

    – Zach Seils
    Jan 7 at 14:14






  • 1





    The default VPC firewall allows all egress traffic, so you shouldn't need a rule unless you've modified the default behavior. Did you make any changes to the default (0/0) route in the VPC? Can you connect to other destinations on the Internet from the same instance(s)?

    – Zach Seils
    Jan 9 at 21:59


















1














You are creating an egress (--direction egress) rule, whereas you need an ingress rule to permit connections inbound destined to the GCE instance.






share|improve this answer
























  • opening Ingress port too didn't work

    – amulya349
    Jan 4 at 16:28











  • What is the network connectivity between GCP and the external proxy? Is it accessible over the Internet or through VPN/Interconnect?

    – Zach Seils
    Jan 4 at 20:44











  • It is accessible over the internet as a normal HTTPS proxy. I am using squid proxy server. I am able to use it on my local computer.

    – amulya349
    Jan 7 at 6:20











  • Does your GCP have an external IP address assigned or is using Cloud NAT?

    – Zach Seils
    Jan 7 at 14:14






  • 1





    The default VPC firewall allows all egress traffic, so you shouldn't need a rule unless you've modified the default behavior. Did you make any changes to the default (0/0) route in the VPC? Can you connect to other destinations on the Internet from the same instance(s)?

    – Zach Seils
    Jan 9 at 21:59
















1












1








1







You are creating an egress (--direction egress) rule, whereas you need an ingress rule to permit connections inbound destined to the GCE instance.






share|improve this answer













You are creating an egress (--direction egress) rule, whereas you need an ingress rule to permit connections inbound destined to the GCE instance.







share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 2 at 20:22









Zach SeilsZach Seils

614




614













  • opening Ingress port too didn't work

    – amulya349
    Jan 4 at 16:28











  • What is the network connectivity between GCP and the external proxy? Is it accessible over the Internet or through VPN/Interconnect?

    – Zach Seils
    Jan 4 at 20:44











  • It is accessible over the internet as a normal HTTPS proxy. I am using squid proxy server. I am able to use it on my local computer.

    – amulya349
    Jan 7 at 6:20











  • Does your GCP have an external IP address assigned or is using Cloud NAT?

    – Zach Seils
    Jan 7 at 14:14






  • 1





    The default VPC firewall allows all egress traffic, so you shouldn't need a rule unless you've modified the default behavior. Did you make any changes to the default (0/0) route in the VPC? Can you connect to other destinations on the Internet from the same instance(s)?

    – Zach Seils
    Jan 9 at 21:59





















  • opening Ingress port too didn't work

    – amulya349
    Jan 4 at 16:28











  • What is the network connectivity between GCP and the external proxy? Is it accessible over the Internet or through VPN/Interconnect?

    – Zach Seils
    Jan 4 at 20:44











  • It is accessible over the internet as a normal HTTPS proxy. I am using squid proxy server. I am able to use it on my local computer.

    – amulya349
    Jan 7 at 6:20











  • Does your GCP have an external IP address assigned or is using Cloud NAT?

    – Zach Seils
    Jan 7 at 14:14






  • 1





    The default VPC firewall allows all egress traffic, so you shouldn't need a rule unless you've modified the default behavior. Did you make any changes to the default (0/0) route in the VPC? Can you connect to other destinations on the Internet from the same instance(s)?

    – Zach Seils
    Jan 9 at 21:59



















opening Ingress port too didn't work

– amulya349
Jan 4 at 16:28





opening Ingress port too didn't work

– amulya349
Jan 4 at 16:28













What is the network connectivity between GCP and the external proxy? Is it accessible over the Internet or through VPN/Interconnect?

– Zach Seils
Jan 4 at 20:44





What is the network connectivity between GCP and the external proxy? Is it accessible over the Internet or through VPN/Interconnect?

– Zach Seils
Jan 4 at 20:44













It is accessible over the internet as a normal HTTPS proxy. I am using squid proxy server. I am able to use it on my local computer.

– amulya349
Jan 7 at 6:20





It is accessible over the internet as a normal HTTPS proxy. I am using squid proxy server. I am able to use it on my local computer.

– amulya349
Jan 7 at 6:20













Does your GCP have an external IP address assigned or is using Cloud NAT?

– Zach Seils
Jan 7 at 14:14





Does your GCP have an external IP address assigned or is using Cloud NAT?

– Zach Seils
Jan 7 at 14:14




1




1





The default VPC firewall allows all egress traffic, so you shouldn't need a rule unless you've modified the default behavior. Did you make any changes to the default (0/0) route in the VPC? Can you connect to other destinations on the Internet from the same instance(s)?

– Zach Seils
Jan 9 at 21:59







The default VPC firewall allows all egress traffic, so you shouldn't need a rule unless you've modified the default behavior. Did you make any changes to the default (0/0) route in the VPC? Can you connect to other destinations on the Internet from the same instance(s)?

– Zach Seils
Jan 9 at 21:59






















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54003159%2fhow-to-connect-to-external-proxy-on-port-3459-from-gcp-vm-instance%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

MongoDB - Not Authorized To Execute Command

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
Read more

How to fix TextFormField cause rebuild widget in Flutter

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
Read more

in spring boot 2.1 many test slices are not allowed anymore due to multiple @BootstrapWith

Image
1 I tried to upgrade a yummy sandwich made of two test slices (@JsonTest and @JdbcTest in my case, crunchy test code in between) adding spring boot 2.1 flavour to it. But it seems it was not much of a success. I cannot annotate my tests with many @...Test since they are now each bringing their own XxxTestContextBootstrapper. It used to work when they all used same SpringBootTestContextBootstrapper. @RunWith(SpringRunner.class) @JdbcTest @JsonTest public class Test { @Test public void test() { System.out.printn("Hello, World !"); } } The error I get from BootstrapUtils is illegalStateException : Configuration error: found multiple declarations of @BootstrapWith for test class I understand I might be doing something wrong here but is there an easy way I could load both Json and Jdbc contex...
Read more