Reputation: 33
I am new to GCP and have set up a simple VM with a program listening on port 4000.
I also set up an external HTTPS load balancer connected to a domain with an SSL cert.
The load balancer routes traffic to the backend service on port 4000 of the VM and everything works fine.
The issue is that I want to restrict access to port 4000 on the VM so it would only accept traffic from the load balancer and not have it completely open, as it is now.
I changed the firewall rule filter from 0.0.0.0/0 to 35.208.137.235, which is the frontend IP of the load balancer.
But now the VM doesn't accept ingress traffic at all. How should I set it up to only accept traffic from the load balancer?
Upvotes: -1
Views: 565
Reputation: 33
Thanks to Guillaume I found the answer, although the ranges 35.191.0.0/16 and 130.211.0.0/22 are for health checks, not for traffic between the load balancer and the VM.
The answer is that I am using a regional load balancer, and it uses a specific proxy subnet to handle the traffic between the LB and the VM.
I found the solution here, after following Guillaume's link.
Upvotes: 0
Reputation: 75970
Allow these ranges, 35.191.0.0/16 and 130.211.0.0/22, as an "ingress" rule. It should work.
https://cloud.google.com/load-balancing/docs/firewall-rules
Upvotes: 1
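The two answers above together explain why the asker's rule broke things: the backend VM never sees the load balancer's frontend IP as a source address. Health checks arrive from 35.191.0.0/16 and 130.211.0.0/22, and for a regional external HTTPS load balancer the proxied client traffic arrives from the region's proxy-only subnet. The following is an added example, not code from either answer: it models VPC ingress rule matching with Python's `ipaddress` module and evaluates the three candidate rules (fully open, frontend-IP-only, health-check ranges plus proxy-only subnet) against a constructed set of flows. The proxy-only subnet `10.129.0.0/23`, the sample source addresses, and the `blocked_legitimate` helper are assumptions made for the example; the health-check ranges and the frontend IP 35.208.137.235 are taken from the thread.

```python
import ipaddress

# Ranges Google documents as the sources of load-balancer health checks
# (quoted in Guillaume's answer).
HEALTH_CHECK_RANGES = ["35.191.0.0/16", "130.211.0.0/22"]

# Assumed proxy-only subnet of the region (hypothetical value for this example).
# The real one is the subnet created with purpose REGIONAL_MANAGED_PROXY in the
# region of the regional external HTTPS load balancer.
PROXY_ONLY_SUBNET = "10.129.0.0/23"

# Frontend IP quoted in the question. Clients connect to it, but it is never the
# source address the backend VM sees, so allowing it as a source matches nothing.
FRONTEND_IP = "35.208.137.235"

# Constructed sample of connections arriving at port 4000 on the VM:
# (label, source ip, destination port). 198.51.100.7 is a documentation address
# standing in for a scanner that bypasses the load balancer.
SAMPLE_FLOWS = [
    ("health-check", "35.191.12.34", 4000),
    ("health-check", "130.211.1.9", 4000),
    ("lb-proxy", "10.129.0.7", 4000),          # Envoy proxy in the proxy-only subnet
    ("internet-direct", "198.51.100.7", 4000),  # direct hit, not via the LB
    ("lb-frontend-ip", FRONTEND_IP, 4000),      # what the asker allowed; never a real source
]

# Traffic the VM must keep accepting for the load balancer to work at all.
LEGITIMATE_LABELS = {"health-check", "lb-proxy"}


def build_rule(source_ranges, port=4000):
    """Model one VPC ingress ALLOW rule: a set of source CIDRs and a TCP port."""
    return {
        "source_ranges": [ipaddress.ip_network(r, strict=False) for r in source_ranges],
        "port": port,
    }


def ingress_allowed(rule, src_ip, dst_port):
    """True if a packet from src_ip to dst_port matches the rule.

    VPC networks deny ingress by default, so a packet that matches no ALLOW
    rule is dropped; that is why the frontend-IP-only rule blocked everything.
    """
    if dst_port != rule["port"]:
        return False
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in rule["source_ranges"])


def evaluate(rule, flows=SAMPLE_FLOWS):
    """Map each sample source IP to whether the rule would admit it."""
    return {ip: ingress_allowed(rule, ip, port) for _, ip, port in flows}


def blocked_legitimate(rule, flows=SAMPLE_FLOWS):
    """Source IPs of health-check or proxy traffic the rule would wrongly drop.

    Run this against a candidate rule before applying it: an empty list means
    the load balancer and its health checks keep working.
    """
    return [ip for label, ip, port in flows
            if label in LEGITIMATE_LABELS and not ingress_allowed(rule, ip, port)]


OPEN_RULE = build_rule(["0.0.0.0/0"])                  # the original, fully open rule
FRONTEND_ONLY_RULE = build_rule([FRONTEND_IP + "/32"])  # what the asker changed it to
CORRECT_RULE = build_rule(HEALTH_CHECK_RANGES + [PROXY_ONLY_SUBNET])


if __name__ == "__main__":
    for name, rule in [("open", OPEN_RULE),
                       ("frontend-only", FRONTEND_ONLY_RULE),
                       ("health-checks + proxy subnet", CORRECT_RULE)]:
        print(f"rule: {name}")
        for label, ip, port in SAMPLE_FLOWS:
            verdict = "ALLOW" if ingress_allowed(rule, ip, port) else "DROP"
            print(f"  {label:15s} {ip:16s} -> {verdict}")
        print(f"  legitimate sources blocked: {blocked_legitimate(rule) or 'none'}")
```

The corrected rule admits the two health-check ranges and the proxy-only subnet and drops both the direct internet hit and the frontend IP (which never appears as a source anyway). When creating the real rule with `gcloud compute firewall-rules create`, the same CIDRs go in `--source-ranges`, and the rule should be scoped to the backend instances with `--target-tags` or a target service account rather than applied to the whole network; substitute the proxy-only subnet range actually reserved in your region for the assumed `10.129.0.0/23`.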