user11301082

Reputation: 41

GCP VM has firewall to allow /24 but some IPs get rejected

Problem Description

Our SRE had set up a firewall for a pool of VMs to allow 10.0.0.0/24 on certain ports.

When I connect through VPN, I get assigned 10.20.10.1 and I can access the target. When a coworker connects through VPN, he gets assigned 10.20.1.3 on one machine and 10.20.1.4 on another. He can access the target from the computer with 10.20.1.3, but he gets a 403 Forbidden error from 10.20.1.4.

At one time I had added a rule to allow all IPs and all ports and yet it didn't work; of course I have removed that now.

Current Setup

  1. External IP Addresses on VPC Network has a static premium forwarding rule defined for the target URL
  2. The forwarding rule is assigned to a target pool on load balancing
  3. The target pool has 3 VMs. The VM I am interested in has the label goog-gke-node; its network interface has its own primary internal IP, an alias range of 10.4.0.0/24, and an external IP which is different from the forwarding rule's. Ingress Analysis shows 10.0.0.0/24 open

Upvotes: 1

Views: 227

Answers (1)

Rocky

Reputation: 21

RFC 7231 mentions that the 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it link.

So the firewall rules set up inside GCP are working fine, because they are allowing the connection to your VM, but the IP 10.20.1.4 seems to have some kind of access restriction, so I suggest checking the application's permissions. I hope this link might be useful for you.

Upvotes: 1
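As an added diagnostic (my own script, not from the question or the answer), the following checks whether the VPN source addresses quoted in the question actually fall inside the 10.0.0.0/24 allow-rule, and separates a network-layer failure (timeout or refused, which is what a firewall drop looks like) from the application-layer 403 the answer describes. The `probe` helper and its URL are assumptions for illustration; everything else is plain standard library.

```python
import ipaddress
import socket
from urllib import error, request

# Values taken from the question: the allow-rule and the VPN-assigned source IPs.
ALLOWED_CIDRS = ["10.0.0.0/24"]
OBSERVED_SOURCES = ["10.20.10.1", "10.20.1.3", "10.20.1.4"]


def in_allowed_range(ip: str, cidrs) -> bool:
    """True if the source IP is covered by at least one firewall allow-range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def audit_sources(ips, cidrs) -> dict:
    """Map each observed source IP to whether the allow-rule covers it."""
    return {ip: in_allowed_range(ip, cidrs) for ip in ips}


def classify_outcome(outcome) -> str:
    """Attribute a connection result to the layer that produced it.

    outcome is an int HTTP status, or the string 'timeout' / 'refused'
    reported by the client. A 403 can only come from a server that
    completed the TCP handshake and parsed the HTTP request, so a
    network firewall cannot be the thing that produced it.
    """
    if outcome == "timeout":
        return "network: no TCP handshake (packets dropped, e.g. VPC firewall or route)"
    if outcome == "refused":
        return "network/host: TCP reset, nothing listening or host firewall rejected"
    if isinstance(outcome, int):
        if outcome == 403:
            return "application: TCP and HTTP succeeded, server refused to authorize"
        return f"application: HTTP {outcome}"
    raise ValueError(f"unknown outcome {outcome!r}")


def probe(url: str, timeout: float = 5.0):
    """One HTTP GET reduced to an outcome for classify_outcome (hypothetical helper)."""
    try:
        with request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except error.HTTPError as e:          # server answered, e.g. 403
        return e.code
    except (socket.timeout, TimeoutError):
        return "timeout"
    except error.URLError as e:           # wraps socket-level reasons
        if isinstance(e.reason, (socket.timeout, TimeoutError)):
            return "timeout"
        if isinstance(e.reason, ConnectionRefusedError):
            return "refused"
        raise
```

Running `audit_sources(OBSERVED_SOURCES, ALLOWED_CIDRS)` shows that none of the three VPN addresses lie in 10.0.0.0/24, so whatever is admitting 10.20.10.1 and 10.20.1.3 is not that rule; combine it with `classify_outcome(probe(url))` from each client to confirm the 403 is an application decision rather than a firewall drop.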
