Fix issue with the opening of TCP ports for inlets-pro on GCE
utsavanand2 opened this issue · 4 comments
utsavanand2 commented
Expected Behaviour
The GCE operator should open up ports for inlets-pro
For users switching between inlets OSS and inlets-pro, the firewall rules should be
updated automatically.
Current Behaviour
If a firewall rule named inlets for inlets OSS already exists, it doesn't open up ports for inlets-pro
Possible Solution
PR #45
Steps to Reproduce (for bugs)
- Run inletsctl with inlets OSS
- Run inletsctl again with inlets-pro
alexellis commented
To be fair this isn't going to work. We need all ports to be opened. cc @adamjohnson01
The point of inlets-pro is that it's a pass-through TCP proxy, so we'd want ports as low as 22, 80 and 443 if that's what the user was punching out.
utsavanand2 commented
My PR will be opening 22, 80, 443, and ports from 1024 to 65535
…On Mon, Feb 3, 2020, 9:03 PM Alex Ellis ***@***.***> wrote:
To be fair this isn't going to work. We need all ports to be opened. cc
@adamjohnson01 <https://github.com/adamjohnson01>
The point of inlets-pro is that it's a pass-through TCP proxy, so we'd
want ports as low as 22, 80 and 443 if that's what the user was punching
out.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#44?email_source=notifications&email_token=AGAYDRMBDYMOCOKSCLVNHCLRBA2NVA5CNFSM4KPHFM52YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKUIWUI#issuecomment-581471057>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGAYDRPBVMP2Y4PR5A2PB43RBA2NVANCNFSM4KPHFM5Q>
.
utsavanand2 commented
@alexellis Do you want any other ports to be opened apart from these?
utsavanand2 commented
Update: The linked PR #58 will open up all TCP traffic
cc @alexellis