

Google Cloud Error code 4003 - Fix it Now ?

Google Cloud Error code 4003 indicates that the instance isn't listening on the port you're trying to connect to or the firewall is closed.

This can cause the start-up connectivity test to the VM instance to fail.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers with related Google Cloud queries.

In this context, we shall look into methods to fix this Google Cloud error.


Nature of Google Cloud Error code 4003 ?

In order to fix this error, we need to ensure that the listening process on the VM runs and listens on the correct port. Then, we verify if the Google Cloud firewall is configured correctly and open.


How to Configure Firewall Rules ?

To configure Firewall rules in Google Cloud, do the following:

a) Conditions that require firewall ingress rule configuration

We need to create a firewall ingress rule to enable traffic from Filestore instances to your clients if:

  • We use NFS file locking in the applications accessing the Filestore instance.
  • The VPC network we use has firewall rules that block TCP port 111 or the ports used by the statd or nlockmgr daemons.
We strongly recommend setting the statd and nlockmgr ports if they are not already set.

b) Conditions that require firewall egress rule configuration

We need to create a firewall egress rule to enable traffic from the clients to our Filestore instances if the VPC network we use has a firewall egress rule that blocks traffic to TCP ports 111, 2046, 2049, 2050, or 4045 and targets the IP address ranges the Filestore instances use.

We can get the reserved IP address range for any Filestore instance from the Filestore instances page, or by running the gcloud filestore instances describe command.
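The egress condition above can be checked against an export of the VPC's firewall rules. The following is an added example, not code from the original article or from Google: it applies the VPC rule ordering (lowest priority number wins, deny beats allow at equal priority, egress is allowed when nothing matches) to each Filestore port. The rule set, the 10.0.0.0/29 range and the function names are constructed for illustration, and the check assumes every rule applies to the client VM (target tags, service accounts and hierarchical policies are ignored).

```python
import ipaddress

FILESTORE_TCP_PORTS = (111, 2046, 2049, 2050, 4045)  # ports listed in the egress condition

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "deny-all-egress", "direction": "EGRESS", "priority": 1000,
     "destinationRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "all"}]},
    {"name": "allow-filestore-egress", "direction": "EGRESS", "priority": 900,
     "destinationRanges": ["10.0.0.0/29"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["111", "2046", "2049-2050"]}]},
]

def _covers(spec, port):
    """True if one allowed/denied entry matches TCP `port`."""
    if spec.get("IPProtocol") not in ("tcp", "all"):
        return False
    ports = spec.get("ports")
    if not ports:  # no port list means every port of that protocol
        return True
    for p in ports:
        lo, _, hi = p.partition("-")  # entries are "111" or "2049-2050"
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def egress_verdict(rules, dest_ip, port):
    """Return (action, rule_name) for TCP egress to dest_ip:port."""
    dest = ipaddress.ip_address(dest_ip)
    matches = []
    for r in rules:
        if r.get("direction") != "EGRESS" or r.get("disabled"):
            continue
        ranges = r.get("destinationRanges") or ["0.0.0.0/0"]
        if not any(dest in ipaddress.ip_network(c) for c in ranges):
            continue
        for action, key in (("DENY", "denied"), ("ALLOW", "allowed")):
            if any(_covers(s, port) for s in r.get(key, [])):
                matches.append((r.get("priority", 1000), action == "ALLOW", action, r["name"]))
    if not matches:
        return ("ALLOW", "implied-allow-egress")  # implied rule: egress is allowed
    return min(matches)[2:]  # lowest priority number first; deny sorts before allow on a tie

def blocked_ports(rules, dest_ip):
    """Filestore TCP ports that the rule set denies for this destination."""
    return [p for p in FILESTORE_TCP_PORTS if egress_verdict(rules, dest_ip, p)[0] == "DENY"]

if __name__ == "__main__":
    print(blocked_ports(SAMPLE_RULES, "10.0.0.2"))
```

In the constructed rule set the allow rule omits port 4045, so that port falls through to the deny-all rule and is the one the egress rule still needs to cover.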


How to Create a firewall ingress rule ? 

Now, follow the steps to create a firewall rule. This will enable traffic from Filestore instances.

1. Initially, we check the current port settings.

2. Then on the Firewall page in the Google Cloud Console, we click Create a firewall rule.

3. We enter a unique Name for it.

4. We specify the Network in which we implement the firewall rule.

5. Then we specify the Priority of the rule. If this rule will not conflict with any other rules, we leave the default of 1000. Otherwise, we set a lower value.

6. Choose Ingress for Direction of traffic and Allow for Action on the match.

7. For Targets, we take one of the following actions:

a) To allow traffic to all clients in the network from Filestore instances, we choose All instances in the network.

b) To allow traffic to specific clients, we choose Specified target tags. We can type the instance names of the clients in Target tags.

8. Leave the default value of IP ranges for the Source filter.

9. For Source IP ranges, we type the IP address ranges of the Filestore instances we want to allow access from. We must use CIDR notation.

10. We leave the default value None for the Second source filter.

11. For Protocols and ports, we choose Specified protocols and ports and then:

a) Select the tcp check box and enter 111,STATDOPTS,nlm_tcpport in the associated field, where:

b) (High Scale SSD only) Select the udp check box and enter the value of nlm_udpport, the udp port nlockmgr uses.

12. Finally, we select Create.


How to Create a firewall egress rule ?

Use the following procedure to create a firewall rule to enable traffic to Filestore instances.

1. Initially, we go to the Firewall page in the Google Cloud Console.

2. Then click Create a firewall rule.

3. Here, we enter a unique Name for the firewall rule.

4. We specify the Network in which we want to implement the firewall rule.

5. Then we specify the Priority of the rule.

6. Choose Egress for Direction of traffic and Allow for Action on the match.

7. For Targets, take one of the following actions:

a. As with the ingress rule, to allow traffic from all clients in the network to Filestore instances, we choose All instances.

b. To allow traffic from specific clients to Filestore instances, we choose Specified target tags.

8. For Destination IP ranges, we type the IP address ranges of the Filestore instances we want to allow access to.

9. For Protocols and ports, choose Specified protocols and ports.

10. Then we select the tcp check box and enter 111,2046,2049,2050,4045 in the associated field.

11. Finally, we select Create.




Conclusion

This article covers methods to resolve the Google Cloud Error code 4003 for our customers. This issue can cause the start-up connectivity test to the VM instance to fail.

Therefore, ensure that the listening process on the VM is running and listening on the correct port. Also, verify that your Google Cloud firewall is configured correctly and open on the port you're connecting to.