I have hosted web application (developed in PHP) on Amazon EC2 micro instance. As per default setting, i can access 80, 22, 443 and 3306 ports from remote locations means from Home(terminal window) using telnet command.
I want to open another custom TCP port XXXXX. I have added that port in Security Group. when i am trying to connect that port through telnet command it is always show "Connection refused".
I have been trying to solve this issue for 3 days but could not get successful solution.
Help would be really appreciated.
Thanks
Adding a port in security group (inbound) ensures that the port can be accessed from outside. Please check following
Is the port open for anywhere (0.0.0.0/0) or for a custom IP. If for custom IP, please check the IP of your machine (search 'what is my ip' on google).
Is there any application listening on the port on EC2 machine.
Related
I created a simple web application on AWS ec2 ubuntu instance, but was unable to access the webpage by ip and port from other machines. The application binds on 0.0.0.0:80, and this port has been added into ufw allowing list. Within the aws control panel, I also added 80 to the rule lists.
Currently, I could access the port 22 by telnet ip 22 but no way to get responses from ping ipaddress, it shows request timeout. It also blocks on telnet ip 80 without any responses.
Any ideas? Really appreciate it
here are some troubleshooting tips.
Check if the web application is actually running
you can do this simply by doing a telnet ip 80 from the instance itself
disable the internal firewall
try disabling the firewall inside the instance, see whether it's working.
ping
In order for ping to work, enable ICMP protocol in your AWS security group
I am trying to configure OpenVPN to my Amazon EC2 Ubuntu instance. I have opened up both TCP and UDP ports on both the load balancer and the VPC instance. I can connect if I open my putty session to the server and set a SSH tunnel on port 1194, and then connect OpenVPN on localhost 1194, but I am trying to figure out how to set my DNS entry so that I can just connect through the VPN using UDP without setting a SSH tunnel. Any advice? I have tried so many combinations and read everything I can find...
Ok, I finally worked it out. The cname has to match the actual address of the vpc directly, it cannot go through the load balancer and the aname matches the IP of the OpenVPN.
I am working in a software where I am running a couple of specific web service in the host machine and I want to access them from the guest machine. These are the configuration of my services.
guest IP : 192.168.33.10
host IP : 192.168.1.100
The services on the host runs on port 10001, 7000. When I try to connect to the service on port 10001 everything works fine. But I cannot connect to the service in port 7000.
I connect to the service on port 10001 in the host in the following
URL http://192.168.1.100:10001
I connect to the service on port 10001 in the host in the following
URL http://192.168.1.100:7000
I get the message Failed to connect to 192.168.33.1 port 7000: Connection refused.
Can anyone tell me the reason and how to resolve it?
Stop the second service. Reconfigure the first onto 7000 port to see if it still works. If not, try a different port. If so you can rule out firewall/vagrant etc.
If it turns out to be a service specific issue, which IP address does the second service bind to? localhost/127.0.0.1/192.168.1.100? The service might never be accessible via the public IP 192.168.1.100.
I am new to MQTT and have been trying to implement MQTT MOquette on AWS EC2, i tried the configuration and installation of broker on my machine and was able to connect and test it from client, however when i do the same from Aws EC2 instance i can see the ports 1883, 8080 listening to 0.0.0.0 ip address but when i connect from client i am not able to connect.
While configuring host in local machine i provided 0.0.0.0 for host and ports 1883, 8080 and on AWS server i provided the private ip for host and ports are 1883, 8080. I have added rules in security groups to allow tcp on 1883 & 8080.
My question is what should be the host value i should use on AWS like private ip or aws url like 'ec2-XX-XX-XXX-XX.us-west-2.compute.amazonaws.com' and what would be the url from which i could access broker from client like 'tcp://ec2-XX-XX-XXX-XX.us-west-2.compute.amazonaws.com' or the IP
What would i be doing wrong here ?? stuck with this issue
Thanks All
After some search i was finally able to solve the issue, i was always checking for security groups where everything was right but i missed adding rule in ec2 instance firewall for the ports 1883, 8080. Once its done i was able to connect to the broker from external clients.
Thanks for all who tried to help.
I am having trouble connecting to an Amazon Elastic Cloud Computer Instance via a browser.
I attempted going to ********.compute-1.amazonaws.com , but the browser returns that the connection has timed out.
I can connect via ssh and winscp. That is how I uploaded a web app I developer. I have also created a security group and added rules to open ports 22 and 80.
Do I have to assign the security group to the instance somehow?
The security group's rules also do not have a source IP, well they do its 0.0.0.0/0
I would really appreciate any and all help in getting this site ' viewable ' via a browser.
By default, your instances will only be in the default security group. If it's an EC2 instance you cannot change security groups while the instance is running, you'll have to specify them in advance. If it's a VPC instance you can change security groups at runtime.
Add the rule to the default group
You can however add the rule to allow port 80 to that default security group; just don't create a new security group as it can not be associated with the running instance.
Is the web server up?
Also, make sure that your web server is up and running. From your instance (using SSH shell access), check if the right process is listening on port 80, using the command netstat -lnp. You should then see a row with proto tcp and a Local Address ending in :80. The IP Address listed should be either 0.0.0.0 (meaning 'any IP') or a specific IP of a listening network interface.
Web server not up
If you are in need of a web server, take a look at Apache or Nginx. They both support PHP.
Hope this helps.
I had also faced similar issue with ec2 micro instance. I was using Red-Hat AMI. Despite of opening ports 8081 in security group, I was not able to a telnet to the host port. Disabling the iptable did the trick for me:
sudo /etc/init.d/iptables stop
Do not forget to disable firewall if you use windows for your server.
I faced the same issue while setting up redash AMI image on AWS. Inbound security rules should be changed when instance is not running. Let's say if the instance is running (meaning it's active and started); If you change the inbound rules of that machine you'll still face firewall issue. So Stop the machine on which you want to change the inbound rules on. Change the inbound rules. Start the machine now. Now you can hit the machine url from the ip you just opened the access to the machine to.
The EC2 instance firewall is maybe enabled.
Check it with this command:
sudo systemctl status firewalld
if enabled you can disable it with :
sudo systemctl disable firewalld
or setup rules to allow port 80 trafic