I have a couple of CentOS 6 VMs that I am trying to set up. I assigned static IPs to them but when running ifconfig, I do not see the external IPs, just the internal IPs. Does Google not allow this capability?
In addition to what Anderson said, this is the command to query for the external IP from the instance itself:
curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" -H "Metadata-Flavor: Google"
DHCP only supports requesting a single address. Google Compute Engine returns the internal IP address via DHCP, and maps the external assigned IP addresses to the VM using NAT.
If you want to fetch the assigned IP address from inside the VM, you could query the metadata server for that information.
Is there a way to list all the Mule applications deployed in a VPC in Cloudhub, and their private IP addresses as a report (maybe in Monitoring)? I know the private IP addresses are dynamic and will change, but is there a way to get such a report?
There is no built-in way to do that; however, you can gather the information with a script or application. I can give you the high-level direction. You need to get the list of applications for each environment associated with the VPC, get the deployment region to confirm that it matches the VPC region (just in case multi-region deployments are enabled), and get the status to ensure it is running. You can use the CloudHub 1.0 REST API: https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/cloudhub-api/minor/1.0/pages/home/
Then with the resulting list of applications you can query the DNS names used by CloudHub 1.0:
mule-worker-myapp.region.cloudhub.io to get the public IPs
mule-worker-internal-myapp.region.cloudhub.io to get the internal IP inside the VPC
I have read a lot on GCP's Firewall rules and even got help from a dev-ops person who could not understand why these rules block my home IP from my App Engine Standard F1 instance.
Priority T Action IP range
2000 Allow XX.X.XX.XXX
2001 Allow xxxx:xxxx:xxxx:xxx:xxxx:xxxx:xxxx:xxxx // my V6 IP
default Deny *
When adding the V6 IP
I am allowed access but with strange errors, e.g. refreshing the page shows a path error. But browsing there (or to any path) loads just fine.
Error: Not Found
The requested URL /feed was not found on this server.
Without the V6 IP (and only the V4 IP allow rule) I cannot access the instance.
How can I whitelist my own IP for access?
As reviewed in the comments, from the test I've made, I can confirm that connections are preferred to be done over IPv6 rather than IPv4.
As pointed out by this answer:
The first thing that a client determines is which protocols are available. ...It will then do a DNS lookup for both the A (IPv4 address) and AAAA (IPv6 address) records. If only one type is returned then it will use that. If both IPv4 and IPv6 addresses are returned the default behaviour depends a bit on the client software. Usually RFC 3484 is used.
According to the official standards it should prefer IPv6...
You can confirm this behaviour by checking in the logs, using the Logs Viewer, the IP address that reaches the service whose firewall rules you are testing (e.g. the default service).
Look for a log entry that matches a request you made (e.g. to the / root directory).
To show the latest logs, click Jump to now.
Under httpRequest on the field remoteIp you could check the IP address that your machine is using to access App Engine.
In order to do this, delete the rules you've created and change the default rule to Allow.
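The behaviour described in this answer, as an added example that is not part of the original post: a small evaluator for priority-ordered allow/deny rules, run against constructed remoteIp values. The addresses are documentation-range placeholders, and the function names and the rule tuples are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-ins for the asker's masked home addresses.
HOME_V4 = "203.0.113.7"
HOME_V6 = "2001:db8:1234:5678::42"

# (priority, action, range) tuples; the default rule is passed separately.
V4_ONLY = [(2000, "allow", "203.0.113.7")]
V4_AND_V6 = V4_ONLY + [(2001, "allow", "2001:db8:1234:5678::/64")]


def evaluate(rules, default_action, remote_ip):
    """Return (action, matched_range); the lowest priority number is checked first."""
    addr = ipaddress.ip_address(remote_ip)
    for _priority, action, cidr in sorted(rules, key=lambda r: r[0]):
        net = ipaddress.ip_network(cidr, strict=False)
        # An IPv6 source can never match an IPv4 range, and vice versa.
        if addr.version == net.version and addr in net:
            return action, cidr
    return default_action, "*"


def denied_sources(rules, default_action, remote_ips):
    """List the logged remoteIp values that the rule set would reject."""
    return [ip for ip in remote_ips
            if evaluate(rules, default_action, ip)[0] == "deny"]


if __name__ == "__main__":
    # A dual-stack client that prefers IPv6 shows up with its IPv6 address.
    for name, rules in (("v4 only", V4_ONLY), ("v4 + v6", V4_AND_V6)):
        for ip in (HOME_V4, HOME_V6):
            print(name, ip, evaluate(rules, "deny", ip))
```

Feeding it the remoteIp values taken from the request logs shows which address family the allow rules have to cover.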
I have a question regarding IP addresses in Google App Engine. I know there is no way to have a static IP address, but my client has set up a Custom Domain with some IP addresses showing up. My problem is:
There is an endpoint (API) that they are connected to; the problem is that the destination requires an IP address and port to open in their firewall policy. Since there is no "Static IP" on Google App Engine, can I use those IP addresses showing under "data" in Google App Engine in Custom Domains?
Because when I enter the domain in my web browser I see the same IP listed in Custom Domain. Can I send over those IP addresses rather than the pool of IPs from running: nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8? Because those domains listed in nslookup are not shown in the network (remote address).
Thanks!
The result of running nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8 is not static. Google may introduce new _cloud-netblocks entries at any time.
In the Google Cloud documentation section Static IP Addresses and App Engine apps is the recommended approach to retrieve the IPs. You will have to run:
nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8
And then, from the response, you'll have to query each of the _cloud-netblocksN listed. Let's take this query response as an example:
Non-authoritative answer:
_cloud-netblocks.googleusercontent.com text = "v=spf1 include:_cloud-netblocks1.googleusercontent.com include:_cloud-netblocks2.googleusercontent.com include:_cloud-netblocks3.googleusercontent.com ?all
There are 3 _cloud-netblocksN listed, so you'll have to query them:
nslookup -q=TXT _cloud-netblocks1.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks2.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks3.googleusercontent.com 8.8.8.8
The SPF records returned from the query of each of those above entries will be IP ranges that you can use for App Engine.
The static IP address for AppEngine is now* possible using serverless NEG with Load Balancer.
See more on https://stackoverflow.com/a/62660953/4185100
Using this method, it is also possible to configure multiple domains/sub-domains with HTTPS load balancer which points to internal serverless resources (different AppEngine services, Cloud functions, etc)
Below is my scenario:
I am calling API Management from Logic APP.
I want to restrict IP Address so that only Logic App can call the API Management.
I am using the IP Filter as shown below for the IP Address mentioned here
<ip-filter action="allow | forbid">
<address>40.112.243.160</address>
<address>address</address>
</ip-filter>
But I am not able to figure out the IP address that's coming in to API Management. It's different from the list of IP addresses provided in this link. It starts with 10...*.
Am I missing anything here?
As far as I know, there is a list of outbound IP addresses for Azure Logic App per region. For more details, you can refer to the doc. If you want to avoid other users with the Logic App in the same region to have access to your resource or get a static single IP address, you can further use Azure API Management to act as a reverse proxy for the Logic App. And then use the policy in the APIM as below:
<ip-filter action="allow | forbid">
<address>address</address>
<address-range from="address" to="address" />
</ip-filter>
All logic apps in a region use the same ranges of IP addresses. To support the calls that logic apps directly make with HTTP, HTTP + Swagger, and other HTTP requests, set up your firewall configurations in your APIM so they include these outbound addresses, based on where your logic apps exist:
Here is the list of IP address of Logic App based on the region.
You could use the ip-filter policy, which filters (allows/denies) calls from specific IP addresses and/or address ranges, in your APIM.
Policy statement
<ip-filter action="allow | forbid">
<address>address</address>
<address-range from="address" to="address" />
</ip-filter>
You could get your logic app ip address from this link. Then you could set APIM like:
<ip-filter action="allow">
<address>address1</address>
<address>address2</address>
<address>address3</address>
</ip-filter>
Update:
But I am not able to figure out the IP address that's coming in to API Management. It's different from the list of IP addresses provided in this link.
When you use logic app to call APIM, you could see the X-Forwarded-For attribute in output which is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
Here is my test snapshot. My logic app location is eastasia and my IP address is 13.75.94.173 which is inside the East Asia Outbound IP of Logic App.
This is regarding VM machine bitnami-wordpress-77fb and we have hosted sanver.com on this machine.
sanver.com was not resolving; we checked and found that the machine was shut down and the IP address had changed.
The previous ip address of VM machine was 130.211.77.24 and now it has changed to 104.155.55.243.
By default, an ephemeral external IP address is assigned to Google Compute Engine instances for the lifetime of the instance. Instance reboot/shutdown would cause a new ephemeral IP address to be assigned to the instance.
See more information here:
https://cloud.google.com/compute/docs/instances-and-network#ephemeraladdress