
Understanding failed connection reason

Edit: The issue came about because our machines did not have external IP addresses, so outgoing traffic was going through Cloud NAT, which was misconfigured (min connections per vm).

I am having issues with a GCP machine being able to connect to an external HTTP server. Below is a line from tcpdump:

16:17:26.561616 IP 2.2.2.2 > 3.3.3.3.http: Flags [S], seq 1152634327, win 28400, options [mss 1420,sackOK,TS val 3415260604 ecr 0,nop,wscale 7], length 0
16:17:26.561736 IP 1.1.1.1 > 2.2.2.2: ICMP host 3.3.3.3 unreachable - admin prohibited filter, length 68

1.1.1.1 is a GCP gateway
2.2.2.2 is my machine on GCP
3.3.3.3 is the external server

How do I know which machine is enforcing the rule that blocks the connection attempt?

GCP has 2 implied rules stated in the link. The implied egress rule permits all the egress traffic with the lowest priority (65535).

I have replicated the scenario and placed a firewall rule in my GCP project (wheew is my GCP VM source address) denying all the egress traffic to a specific external address (x.x.x.x). I got that tcpdump (performed on my instance) shows reattempts of connection:

Where x.x.x.x is an external IP and vminstance is my GCP Instance.

18:19:50.499009 IP vminstance.39728 > x.x.x.x.80: Flags [S], seq 1309572437, win 28400, options [mss 1420,sackOK,TS val 323066870 ecr 0,nop,wscale 7], length 0

18:19:51.527849 IP vminstance.39728 > x.x.x.x.80: Flags [S], seq 1309572437, win 28400, options [mss 1420,sackOK,TS val 323067128 ecr 0,nop,wscale 7], length 0

So, that said, and compared to your output, you may want to look at the remote network/host firewall rules.
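
An added example (not part of the original question or answer) that separates the two patterns in the captures above: an ICMP "admin prohibited" rejection, whose source address is the device that emitted it, versus SYN retransmissions that get no reply at all. The `classify` function and its verdict labels are assumptions made for illustration; the sample lines are the ones quoted on this page, with spacing normalised.

```python
import re
from collections import Counter

# The two captures quoted on this page (placeholder addresses kept, spacing normalised).
ICMP_CAPTURE = """\
16:17:26.561616 IP 2.2.2.2 > 3.3.3.3.http: Flags [S], seq 1152634327, win 28400, options [mss 1420,sackOK,TS val 3415260604 ecr 0,nop,wscale 7], length 0
16:17:26.561736 IP 1.1.1.1 > 2.2.2.2: ICMP host 3.3.3.3 unreachable - admin prohibited filter, length 68
"""
SILENT_CAPTURE = """\
18:19:50.499009 IP vminstance.39728 > x.x.x.x.80: Flags [S], seq 1309572437, win 28400, options [mss 1420,sackOK,TS val 323066870 ecr 0,nop,wscale 7], length 0
18:19:51.527849 IP vminstance.39728 > x.x.x.x.80: Flags [S], seq 1309572437, win 28400, options [mss 1420,sackOK,TS val 323067128 ecr 0,nop,wscale 7], length 0
"""

SYN = re.compile(r" IP (\S+) > (\S+): Flags \[S\], seq (\d+)")
REPLY = re.compile(r" IP (\S+) > \S+: Flags \[(?:S\.|R\.?)\]")  # SYN-ACK or RST
ICMP = re.compile(r" IP (\S+) > \S+: ICMP host (\S+) unreachable - admin prohibited")


def classify(capture):
    """Return one (verdict, destination, reporter, syn_count) tuple per SYN flow."""
    syns = Counter()   # (src, dst, seq) -> times sent; more than 1 means retransmission
    answered = set()   # endpoints that sent a SYN-ACK or RST back
    reporters = {}     # blocked host -> address that emitted the ICMP error
    for line in capture.splitlines():
        if m := ICMP.search(line):
            reporters[m[2]] = m[1]
        elif m := SYN.search(line):
            syns[m.groups()] += 1
        elif m := REPLY.search(line):
            answered.add(m[1])
    results = []
    for (src, dst, seq), count in syns.items():
        host = dst.rsplit(".", 1)[0]  # tcpdump appends ".port" to the address
        if dst in answered:
            verdict, reporter = "answered", None
        elif host in reporters:
            # The ICMP source is the device that emitted the rejection.
            verdict, reporter = "rejected", reporters[host]
        else:
            # No reply of any kind: the SYN was dropped silently on the path.
            verdict, reporter = "silent-drop", None
        results.append((verdict, host, reporter, count))
    return results


if __name__ == "__main__":
    for capture in (ICMP_CAPTURE, SILENT_CAPTURE):
        print(classify(capture))
```

The reporter is the hop that sent the ICMP error, which is where to start looking; in the question's capture that is 1.1.1.1, the GCP gateway, which fits the Cloud NAT cause given in the edit.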

This article is reproduced from Stack Exchange / Stack Overflow.