
port 443 cannot connect

Hi everyone, please help me.

I use Plesk and GCP Compute Engine services. Plesk needs to obtain the monthly updated license through port 443 every month.

Outgoing connections to the Key Administration server are blocked by a local or intermediate firewall.
We've verified that the issue is not within the server firewall:

firewall-cmd --list-all
trusted (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: eth0
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Plesk firewall and fail2ban are not installed either. While inspecting Google firewall rules and adding allow-all Egress rule, the situation didn't improve.
 
Google Firewall is not allowing the outgoing traffic - even a simple connection to google.com fails over both https and http:

curl -v https://google.com
About to connect() to google.com port 443 (#0)
Trying 108.177.125.102…
Connection timed out
Trying 108.177.125.100…
After 86386ms connect time, move on!
Trying 108.177.125.139…
After 43191ms connect time, move on!
Trying 108.177.125.113…
After 21595ms connect time, move on!
Trying 108.177.125.138…
After 10797ms connect time, move on!
Trying 108.177.125.101…
After 5398ms connect time, move on!
Trying 2404:6800:4008:c06::8a…
Failed to connect to 2404:6800:4008:c06::8a: Network is unreachable
Trying 2404:6800:4008:c06::65…
Failed to connect to 2404:6800:4008:c06::65: Network is unreachable
Trying 2404:6800:4008:c06::8b…
Failed to connect to 2404:6800:4008:c06::8b: Network is unreachable
Trying 2404:6800:4008:c06::64…
Failed to connect to 2404:6800:4008:c06::64: Network is unreachable
Failed connect to google.com:443; Network is unreachable
Closing connection 0
curl: (7) Failed to connect to 2404:6800:4008:c06::8a: Network is unreachable

It seems that the GCP higher-level firewall blocks port 443.


Hi @AshleyYang 

Welcome to Google Cloud Community.

The curl test results, specifically "Connection timed out" for IPv4 and "Network is unreachable" for IPv6, suggest a routing issue.

A VM can only connect to the internet if it has a path to do so. This usually means two things:

  • Your VM instance needs an external IP address. Even with the right firewall settings, your VM won't be able to connect to the public internet on its own without an external IP. To make those connections, you'll need to set up either an ephemeral external IP or a Cloud NAT gateway.
  • Your Virtual Private Cloud (VPC) network needs a default route to the internet. Just make sure your VPC setup has a default route (0.0.0.0/0) pointing to the Default Internet Gateway. If it's missing or set up incorrectly, you'll need to create it again.

If both those things are true, you'll want to check your egress firewall rules again. Make sure there isn't a 'Deny' rule that's lower in priority than your 'Allow' rule and that applies to your virtual machine.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
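
As an added example (not part of the reply above and not Google's code), the three checks can be run offline against data shaped like the JSON from `gcloud compute instances describe`, `gcloud compute routes list` and `gcloud compute firewall-rules list` with `--format=json`. The sample records, rule names and the `plesk` tag are constructed; the evaluation covers VPC firewall rules for TCP over IPv4 only and ignores hierarchical firewall policies and service-account targets.

```python
import ipaddress

def has_external_ip(instance):
    # An external IP appears as natIP inside a NIC's accessConfigs.
    return any(ac.get("natIP") for nic in instance.get("networkInterfaces", [])
               for ac in nic.get("accessConfigs", []))

def has_default_route(routes):
    return any(r.get("destRange") == "0.0.0.0/0" and "default-internet-gateway"
               in r.get("nextHopGateway", "") for r in routes)

def _matches(rule, entries, dest_ip, port, tags):
    if rule.get("targetTags") and not set(rule["targetTags"]) & set(tags):
        return False  # rule is scoped to other instances
    ranges = rule.get("destinationRanges") or ["0.0.0.0/0"]
    if not any(ipaddress.ip_address(dest_ip) in ipaddress.ip_network(r) for r in ranges):
        return False
    for e in entries:
        if e["IPProtocol"] in ("all", "tcp"):
            spans = [p.split("-") for p in e.get("ports", [])]  # "80" or "8000-8080"
            if not spans or any(int(s[0]) <= port <= int(s[-1]) for s in spans):
                return True  # an empty port list means every port
    return False

def egress_verdict(rules, dest_ip, port, tags):
    # Lowest priority number wins; on a tie, deny (False) sorts before allow (True).
    hits = [(r.get("priority", 1000), key == "allowed", r["name"])
            for r in rules if r.get("direction") == "EGRESS" and not r.get("disabled")
            for key in ("denied", "allowed") if _matches(r, r.get(key, []), dest_ip, port, tags)]
    _, allowed, name = min(hits) if hits else (65535, True, "implied-allow-egress")
    return ("allow" if allowed else "deny", name)

def diagnose(instance, routes, rules, dest_ip, port, cloud_nat=False):
    tags = instance.get("tags", {}).get("items", [])
    action, name = egress_verdict(rules, dest_ip, port, tags)
    checks = [(has_external_ip(instance) or cloud_nat, "no external IP and no Cloud NAT"),
              (has_default_route(routes), "no default route to the internet gateway"),
              (action == "allow", f"egress denied by rule {name}")]
    return [msg for ok, msg in checks if not ok]

# Constructed sample data: a VM with no external IP, a VPC with only a subnet route,
# and an allow-all egress rule shadowed by a deny rule with a lower priority number.
VM = {"tags": {"items": ["plesk"]}, "networkInterfaces": [{"accessConfigs": []}]}
ROUTES = [{"destRange": "10.140.0.0/20", "nextHopNetwork": "global/networks/default"}]
RULES = [{"name": "allow-all-egress", "direction": "EGRESS", "priority": 1000,
          "allowed": [{"IPProtocol": "all"}]},
         {"name": "deny-web", "direction": "EGRESS", "priority": 900, "targetTags": ["plesk"],
          "denied": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]}]
```

`diagnose(VM, ROUTES, RULES, "108.177.125.102", 443)` returns one finding per failed check, so an empty list means all three conditions from the reply hold for that destination.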