Clearly its not on their FAQ. Nor can I find it on the web. Any one with an account can test the following for me?
telnet gateway.sandbox.push.apple.com 2195
I would start using their free tier and move on to the paid service later.
regards
mb
yes, if you own an ec2 instance you have full control over ports, i.e you decide what you want open.
http://aws.amazon.com/articles/1697
note outbound ports are open (aws firewall only blocks incoming)
the only cavet is if you run a firewall on the ec2 instance well (iptables/windows firewall), you would then need to configure the outbound rule.
Related
So I have GCP set up and Kubernetes, I have a web app (Apache OFBiz) running on pods in the GKE cluster. We have a domain that points itself to the web app, so essentially it's accessible from anywhere on the internet. Our issue is since this is a school project, we want to limit the access to the web app to the internal network on GCP, we want to simulate a VPN connection. I have a VPN gateway set up, but I have no idea what to do on any random computer to simulate a connection to the internal network on GCP. Do I need something else to make this work? What are the steps on the host to connect to GCP? And finally, how do I go about limiting access to the webapp so only people in the internal network have access to the webapp?
When I want to test a VPN, I simply create a new VPC in my project and I connect both with Cloud VPN. Then, in the new VPC, you can create VM that simulate computer in the other side of the VPN and thus simulate what you want.
To setup a VPN on GCP you can use Cloud VPN using static or dynamic routing, you will need to configure a remote peer from the location you want to access your GCP resources to establish the connection towards the Cloud VPN gateway on GCP end.
This means you may require a router that supports creating VPN tunnels on your on-premises or use a host that acts like a router to establish this connection using a VPN software towards Cloud VPN (like Strongswan, for example).
You can block external access to the resources on your VPC network by using GCP firewall rules and just allow specific ports or source IP ranges as you wish.
Another option, even if it's not a VPN or encrypted traffic, is to only allow ingress traffic from the public IP from where you would like to connect to your internal VPC, but this is less secure and would only work if you have an static public IP on your on-premises.
Since you said this is a school project, I would recommend asking your teacher for more direct advice. That said, you can't "simulate" a VPN but you can set up an IPSec client on your laptop or whatever and actually connect to it. Unfortunately Google doesn't appear to have any documentation on this so I'm guessing they presume you already know IPSec well enough to write a connection config yourself.
Using kubectl port-forward might be an easier solution.
I have an instance in google cloud. Within this instance I have a mail service that leaves through port 8025. It works for 5 months however, yesterday I stopped having access to that port.
How can I solve it?
Thank you
You might need to check the firewall rules of your project at VCP network > Firewall Rules and see if you have a firewall rule for port 8025.
You can create a new firewall rule using the following documentation
I am using Appache Tomcat to host webpages that can be accessed by authenticated users and a UDP socket has been opened on port 14550 in which devices sends a stream of communication messages. The system is working fine in the local network. I tried to host the this in Openshift and later found that Openshift does not allow external UDP communication. Now I am considering Amazon EC2 instance, new VM in Azure or in GCP. I would like to know that will there be any issue in using the sockets from my application. Thank you in advance.
No, on AWS EC2 everything is allowed, you just need to configure your Security Group to allow specific web traffic, UDP traffic can also be allowed their.
I was also looking for possible workaround for this issue, but it's quite easy irrespective of what platform language you are using to develop socket program on AWS EC2, as am using Node.js nginx in my case, this should work for all supporting platforms.
Configure Security Group
In the AWS console, open the EC2 tab.
Select the relevant region and click on Security Group.
You should have an default security group if you
have launched an Elastic Beanstalk instance in that region for your
app.
click on Actions button at top, and select Edit inbound rules.
here in Type column select All UDP, or you can set some Custom UDP
rule as well to listen at your socket port.
And there just enter port of your UDP server Ex: 2020.
And that's it!
Note: If something is not working, check the "Events" tab in the Beanstalk application / environments and find out what went wrong.
We are using TCP socket connection to send messages from one PC to another PC. Now, we have migrated our project to a cloud environment. It is possible to send messages from our own PC to the Amazon Cloud Instance. I have already tried this but I am unable to get the response in EC2 instance and also checked it by disabling firewall but no use. Please help me. Does anyone know how to achieve TCP Socket connection using Amazon EC2?
What are the settings of the security group of your aws instance?
Verify that you have allowed inbound traffic.
Check the below link on AWS security groups to know how to configure:
Amazon EC2 Security Groups .
I have a ubuntu pc's in internal sub-network that I'm running mongo on them. This machines are inaccessible from outside my company network.
I've seen the http://www.10gen.com/mongodb-monitoring-service which allow me to monitor the mongo setup. But which ip should I add into this cloud service?
Does there exists some install file to be installed on my pc, to allow me the monitoring the mongo?
The MMS monitoring agent will try to contact the MMS server on the internet and will push information in regular intervals, so there is no need to open listening ports.
The outbound connection will try to address port 443 (HTTPS), so the outbound connection should work by default in all but the most restrictive setups.
The MMS agent is written in python and requires some python-specific setup, but you can follow the installer steps from the manual.