Google documentation says that if you have multiple services running on a VM, you may want to assign each one a different internal IP address. You can do this with Alias IP ranges.
I'm new to networking and I have followed the steps on the below document and created Alias IP Ranges, but I couldn't figure out how to assign an application to the internal IP that I have created?
https://cloud.google.com/compute/docs/alias-ip/configure-alias-ip-ranges
Once an alias IP range is assigned to a GCE instance, network services can be started on that instance listening on any IP address from the alias IP range, for example:
# Start listening on an IP address from the 10.128.1.0/24 alias IP range
netcat -l -p 8888 -s 10.128.1.12 -v
# Establish a test connection (same VM, different pane/tab)
netcat 10.128.1.12 8888 <<< "test connection"
I have created a firewall rule in the VPC network for port 22 by assigning an IP with the port, e.g. (192.168.xx.yy), instead of 0.0.0.0/0 in the rules. Now, when I create a Compute Engine VM instance in Google Cloud Platform and SSH into it, it states that "cannot connect to port 22".
I don't want the port tcp:22 to have ip range 0.0.0.0/0 but only have a single ip as stated above? How can I solve this issue?
The 192.168.x.x is an internal IP address, and in your situation would apply to a VM instance within the same network as the instance you want to connect to.
If you want to connect from outside that network, you'll need to set the source of the firewall rule to the external IP of the instance/machine you want to connect from. You can get your external IP by going to https://whatismyipaddress.com for example.
The firewall rule setting would be something like this:
Direction of traffic: Ingress
Action on match: Allow
Targets: Specified target tags (for example)
Source filter: IP ranges
Source IP ranges: x.x.x.x/32 (your external IP)
If you would not like to have your GCE instance's port 22 open to the internet, but you would like to connect to it, I propose 2 different solutions:
Create a bastion host. This VM is a proxy for access to your GCE instances. You log into the bastion and then you can perform an SSH hop to your GCE instance. Only the bastion host is open to the internet on port 22. And you can start this bastion VM only when you need to connect to your other GCE instances, which increases the security and decreases the risk of attack on this "backdoor" instance.
For both the bastion and for directly reaching your VM on port 22, you can limit the source IP of your firewall rule to your current IP.
But remember, the IP is not a source of truth.
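An added example, not part of the original posts, of the check both answers above rely on: which source ranges actually admit a given client on tcp:22, and which rules are open to the world. It assumes rule dictionaries with the field names of the GCE firewall resource as exported in JSON; the sample rules, the addresses and the function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules, shaped like `gcloud compute firewall-rules list --format=json`
# (only the fields used here); names and addresses are made up for illustration.
RULES = [
    {"name": "ssh-internal-src", "direction": "INGRESS", "sourceRanges": ["192.168.10.20/32"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "ssh-admin-only", "direction": "INGRESS", "sourceRanges": ["203.0.113.7/32"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "ssh-world-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
    {"name": "https-public", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
]

def covers_port(allowed, proto, port):
    """True if any 'allowed' entry permits proto/port (no 'ports' key means all ports)."""
    for entry in allowed:
        if entry["IPProtocol"] not in (proto, "all"):
            continue
        ports = entry.get("ports")
        if not ports:
            return True
        for spec in ports:
            lo, _, hi = spec.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def audit_ssh(rules, client_ip):
    """For each enabled ingress rule covering tcp:22, report who it actually admits."""
    client = ipaddress.ip_address(client_ip)
    report = {}
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if not covers_port(rule.get("allowed", []), "tcp", 22):
            continue
        nets = [ipaddress.ip_network(r, strict=False) for r in rule.get("sourceRanges", [])]
        report[rule["name"]] = {
            "admits_client": any(client in n for n in nets),
            "world_open": any(n.prefixlen == 0 for n in nets),
            "rfc1918_only": bool(nets) and all(
                n.version == 4 and any(n.subnet_of(p) for p in RFC1918) for n in nets),
        }
    return report

if __name__ == "__main__":
    for name, finding in audit_ssh(RULES, "203.0.113.7").items():
        print(name, finding)
```

A rule flagged `rfc1918_only` that does not admit the client's external address reproduces the "cannot connect to port 22" situation from the question; a rule flagged `world_open` is the 0.0.0.0/0 exposure the asker wanted to avoid.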
I've got several PCs, virtual and bare metal, that run clients of the collectd daemon and report their statuses to the monitoring server.
One of those PCs is incorrectly configured and reports localhost as its name.
How can I find its IP address?
The simple answer would be to run a tcpdump on the port used for collectd (port 2003 for example) and check the different IPs.
Run ssh and pipe directly to the config file to see which one has the wrong host set:
echo 'sudo grep "Host" /etc/collectd/collectd.conf' | ssh user@IP
My environment has 2 hosts and a VM on each host. An NVGRE tunnel is created, as the VMs and hosts belong to different subnets. I am using Windows Server 2012 R2 hosts and the same for the VMs. The hosts are connected back to back. If I put the VMs and hosts in the same subnet, ping works.
Both the VMs are receiving ARP requests and responses from each other. ARP cache of each VM is having dynamic entry of other VM.
BUT ICMP request packet from VM is not even seen on its Host.
You cannot just ping from one host to another host.
To ping provider address from your host, -p option is needed.
Example:
$address = (Get-NetVirtualizationProviderAddress).ProviderAddress
ping -p $address
Please put virtualization lookup records when you need more help.
Run the following commands as administrator.
Get-NetVirtualizationLookupRecord
Get-NetVirtualizationCustomerRoute
Also make sure your VM's firewall allows ICMP echo.
I am checking the internet connection of my computer and do not understand a few points.
The following is a result from $ netstat:
I do not understand why some items in the list have localhost:xxxxx as their foreign address.
Since netstat shows the internet connections, shouldn't this show IP addresses outside my computer?
netstat per default tries to convert the data it finds into host names. It does so by reverse resolving the IP addresses via DNS.
For example, 127.0.0.1 gets replaced with localhost in this case.
The same happens with the ports, but there it doesn't happen via DNS, but via a file like /etc/services which provides a mapping between port numbers and service names.
You can prevent this with the netstat option -n.
The machine has 2 IP addresses: the first is 192.168.0.10 and the other one is 192.168.0.12. 192.168.0.12 is a VIP (keepalived).
I want nginx to send data out to the target machine with the VIP 192.168.0.12 as the source IP, but the target machine detects the IP as 192.168.0.10.
Is there any way to set the nginx source ip to the VIP 192.168.0.12?