Sinatra EC2 Deployment Security Group Error - ruby

I am trying to deploy a Ruby Sinatra api onto port 4567 of an EC2 micro instance.
I have created a Security Group with the following rules (and created the instance with said security group):
--------------------------------
| Ports | Protocol | Source |
--------------------------------
| 22 | tcp | 0.0.0.0/0 |
| 80 | tcp | 0.0.0.0/0 |
| 443 | tcp | 0.0.0.0/0 |
| 4567 | tcp | 0.0.0.0/0 |
--------------------------------
I bound myapp.rb to port 4567 (the default, but for verbosity):
set :port, 4567
and ran the service:
ruby myapp.rb
[2013-09-05 03:12:54] INFO WEBrick 1.3.1
[2013-09-05 03:12:54] INFO ruby 1.9.3 (2013-01-15) [x86_64-linux]
== Sinatra/1.4.3 has taken the stage on 4567 for development with backup from WEBrick
[2013-09-05 03:12:54] INFO WEBrick::HTTPServer#start: pid=1811 port=4567
Used nmap while ssh'd into the EC2 instance, against localhost:
Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-05 03:13 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00019s latency).
PORT STATE SERVICE
4567/tcp open tram
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
Used nmap while ssh'd into the EC2 instance, against the external IP:
Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-05 03:15 UTC
Nmap scan report for <removed>
Host is up (0.0036s latency).
PORT STATE SERVICE
4567/tcp closed tram
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
How do I change the state of the port from closed to open?

You’re starting Sinatra in the development environment. When running in development Sinatra only listens to requests from the local machine.
There are a few ways to change this; the simplest is probably to run in the production environment, e.g.:
$ ruby myapp.rb -e production
You could also explicitly set the bind variable if you wanted to keep running in development:
set :bind, '0.0.0.0' # to listen on all interfaces

There are two possible causes for your problem.
Your service is only listening to connections on the loopback interface.
A software firewall is running and is blocking connections from outside on that port.

Related

External IP Port is not open for Hadoop Port 9000

Take note of port 9000 below. It's open for localhost but not for the external IP. Can anyone provide help? I have already disabled the firewall.
Starting Nmap 6.40 ( http://nmap.org ) at 2018-08-29 05:53 PDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000020s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8031/tcp open unknown
8042/tcp open fs-agent
8088/tcp open radan-http
9000/tcp open cslistener
Nmap done: 1 IP address (1 host up) scanned in 2.51 seconds
[root@localhost ~]# nmap 192.168.146.128
Starting Nmap 6.40 ( http://nmap.org ) at 2018-08-29 05:54 PDT
Nmap scan report for 192.168.146.128
Host is up (0.000037s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8031/tcp open unknown
8042/tcp open fs-agent
8088/tcp open radan-http
[root@localhost ~]# firewall-cmd --zone=public --permanent --add-port=9000/tcp
FirewallD is not running
Modify core-site.xml. For the entry fs.default.name, change the value to hdfs://0.0.0.0:9000 and restart the service.
If you set the entry to localhost, then TCP will listen on 127.0.0.1 which is only available internally to the machine. Using 0.0.0.0 means listen on all network interfaces which allows for external access.

How to open port 11211 for EC2 instance by security group

May I know how to open port 11211 for EC2 instance memcached server?
I'm trying to connect from the Rails server to the memcached server. However, something is wrong with my security group setting.
What I did so far is:
To launch 2 instances. One is Rails server, the other is memcached server.
To set up security groups
Rails server : Outbound => All traffic , All protocol, All port
memcached server : Inbound =>
ssh TCP, port 22, All source
Custom TCP Rule port, 11211, Rails server IP address
When I log in to the Rails server and execute the command below, it looks like it's working for port 22:
$ telnet <memcached private IP address> 22
Trying <IP address>...
Connected to <IP address>.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
But when I check port 11211, it doesn't work.
$ telnet <memcached private IP address> 11211
The first question is: why is only port 22 working, even though I've set almost the same thing in the security group?
When I log in to the memcached server and check the status, it looks like it's working.
$ sudo /etc/init.d/memcached status
● memcached.service - memcached daemon
Loaded: loaded (/lib/systemd/system/memcached.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-02-14 14:23:40 UTC; 19h ago
Main PID: 7569 (memcached)
Tasks: 6
Memory: 628.0K
CPU: 2.093s
CGroup: /system.slice/memcached.service
└─7569 /usr/bin/memcached -m 64 -p 11211 -u memcache
$ sudo netstat -ltup4
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:11211 *:* LISTEN 6486/memcached
udp 0 0 *:11211 *:* 6486/memcached
Could you let me know what I should do?
You need to add the security group of your Rails server to the memcached server's inbound rule.
Add a new rule, select your protocol and port range. For "Source", type or select your security group.

Selenium standalone server is accessible only on localhost not on my IP's

SSS == 'Selenium Standalone Server'
I've got:
installed SSS by homebrew
downloaded couple versions of SSS
macOS High Sierra with IP's:
192.168.0.1
172.18.0.1 - IP for docker
localhost/127.0.0.1
I have turned off my firewall
I run this server in one of the following ways:
selenium-server -port 4444
java -jar selenium-server-standalone-3.8.1.jar -port 4444
after this, I've got logs:
2017-12-22 12:34:23.280:INFO:osjs.AbstractConnector:main: Started ServerConnector@210ab13f{HTTP/1.1,[http/1.1]}{0.0.0.0:4444}
so as I understand it, 0.0.0.0 means it listens on all IPs
BUT
I can not connect to this server using IP 192.168.0.1 or 172.18.0.1
I can only use localhost for connecting to this server.
netstat doesn't display port 4444 as open.
When I do the same on Ubuntu 16.04 it works great. I can create a new session using all addresses, and I can also create a new session from a docker container.
Can you tell me what I'm doing wrong or what I don't know?

Can't connect to public IP for EC2 instance

I have an EC2 instance which is running with the following security groups:
HTTP - TCP - 80 - 0.0.0.0/0
Custom UDP Rule - UDP - 1194 - 0.0.0.0/0
SSH - TCP - 22 - 0.0.0.0/0
Custom TCP Rule - TCP - 943 - 0.0.0.0/0
HTTPS - TCP - 443 - 0.0.0.0/0
However, when I try to access http://{PUBLIC_IP} or https://{PUBLIC_IP} in the browser, I get a "{IP} refused to connect" error. I'm new to AWS. Am I missing something here? What should I do to debug?
One way to debug this particular class of problem is to use netcat in order to determine where the problem lies.
If you run netcat against port 80 on the public IP address of your instance and just get a hang (no output at all), then most likely your security group isn't allowing traffic through. Here is an example from an EC2 instance that is in a security group that doesn't allow port 80 traffic inbound:
% nc -v 55.35.300.45 80
<just hangs>
Whereas if the security group is changed to allow port 80, but the EC2 instance doesn't have any process listening on port 80, you'll get the following:
% nc -v 55.35.300.45 80
nc: connectx to 52.38.300.43 port 80 (tcp) failed: Connection refused
Given that your browser gave you a similar "connection refused", most likely the problem is that there is no web server running on your instance. You can verify this by ssh'ing into the instance and seeing if you can connect to port 80 there:
ssh ec2-user@55.35.300.45
% nc -v localhost 80
nc: connect to localhost port 80 (tcp) failed: Connection refused
If you get something like the above, you're definitely not running a webserver.
I'm not sure if it's too late to help, but I was stuck with a similar issue with my test server:
SG Inbound: ssh -> 22
HTTP -> 80
NACL: default allow/deny settings
but I still couldn't ping the server from my browser; then I realized there was nothing running on the server that could serve the request, so I started the httpd server (web server) and it worked.
sudo yum -y install httpd
sudo service httpd start
This way you can test the connectivity if you are playing with SGs and NACLs. Of course it's not the only way, just an example if you're figuring your system network out.
Have you installed a web server (nginx/apache) to serve your requests? If so, please share the config files (so that it will help to troubleshoot).
I think the reason is probably that you did not set up a web server for your EC2 instance, because if you try to access http://{PUBLIC_IP} or https://{PUBLIC_IP}, you need to have a background server to serve the http request, as @Niranj Rajasekaran said.
By the way, by simply pinging the {PUBLIC_IP}, you could see if your connection to your EC2 instance is normal or not.
In command prompt or terminal, type
ping {PUBLIC_IP}
In my case, the server was running but available on just 127.0.0.1 so it refused connections from external hosts. To see if this is your situation, you can run
netstat -an | grep <port number>
If it says 127.0.0.1:<port number> instead of 0.0.0.0:<port number>, you have this problem.
Usually there's a flag or an argument in your server code somewhere to set the host to 0.0.0.0:
app.run(host='0.0.0.0') # flask example
However, in my case, I had already set this so I thought that couldn't possibly be the issue, which is how I ended up on this thread, which asks more generally about the problem. Unfortunately, I was using docker, and had set 0.0.0.0 on the container but was mapping that explicitly to 127.0.0.1 on the host in the docker-compose port-mapping:
ports:
- "127.0.0.1:<port number>:<port number>"
Changing that line to remove the host IP specification fixed the problem upon re-deploy:
ports:
- "<port number>:<port number>"
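The Sinatra answer's two causes and the netstat check above both come down to one question: is the process bound to the loopback address or to all interfaces, and does that match what the security group opens? The script below is an added example (not code from any of the posts) that parses netstat-style listener lines and cross-checks them against a list of security-group TCP ports; the netstat output it uses is constructed to mirror the cases on this page.

```ruby
# Constructed netstat output (not from the page); it mirrors the cases above:
# Sinatra bound to 127.0.0.1, memcached on *, and a stray sendmail on 2525.
SAMPLE_NETSTAT = <<~OUT
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address   Foreign Address   State   PID/Program name
  tcp        0      0 127.0.0.1:4567  0.0.0.0:*         LISTEN  1811/ruby
  tcp        0      0 *:11211         *:*               LISTEN  6486/memcached
  tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN  900/sshd
  tcp        0      0 127.0.0.1:2525  0.0.0.0:*         LISTEN  1014/sendmail
  udp        0      0 *:11211         *:*                       6486/memcached
OUT

Listener = Struct.new(:proto, :addr, :port, :program)

# Parse `netstat -ltup` / `netstat -tanp | grep LISTEN` style lines into Listeners.
def parse_listeners(text)
  text.each_line.map do |line|
    f = line.split
    next unless %w[tcp udp].include?(f[0])
    next if f[0] == "tcp" && f[5] != "LISTEN"          # skip ESTABLISHED etc.
    addr, port = f[3].rpartition(":").values_at(0, 2)  # split on the last colon
    Listener.new(f[0], addr, port.to_i, f[-1])
  end.compact
end

# A socket bound to the loopback address is unreachable from outside the host
# no matter what the security group allows; "*" or 0.0.0.0 means every interface.
def loopback_only?(listener)
  %w[127.0.0.1 ::1 localhost].include?(listener.addr)
end

# Cross-check listeners against the TCP ports a security group opens.
# Returns { port => :reachable | :loopback_only | :not_listening }.
def audit(netstat_text, sg_tcp_ports)
  tcp = parse_listeners(netstat_text).select { |l| l.proto == "tcp" }
  sg_tcp_ports.to_h do |port|
    l = tcp.find { |x| x.port == port }
    state = if l.nil? then :not_listening
            elsif loopback_only?(l) then :loopback_only
            else :reachable
            end
    [port, state]
  end
end

if __FILE__ == $0
  audit(SAMPLE_NETSTAT, [22, 80, 4567, 11211]).each { |port, st| puts "#{port}: #{st}" }
end
```

A port reported as :loopback_only is the Sinatra situation from the question (nmap shows it open on 127.0.0.1 but closed on the external IP), and :not_listening is the "connection refused" case from the EC2 thread.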

postfix log shows error while sending email from amazon ec2 instance

I am trying to send an email using the postfix server on amazon EC2 instance.
The command is: sendmail xxxxxx@gmail.com
FROM:localhost
SUBJECT:Welcome
this is a test email....
.
However, I am getting the following error in the /var/log/maillog file:
Jan 13 09:00:37 ip-172-31-32-76 postfix/pickup[26635]: C43AE62D00: uid=222 from=
Jan 13 09:00:37 ip-172-31-32-76 postfix/cleanup[26727]: C43AE62D00: message-id=<20140113090037.C43AE62D00@"HOSTNAME">
Jan 13 09:00:37 ip-172-31-32-76 postfix/qmgr[26636]: C43AE62D00: from=<"MYHOSTNAME">, size=435, nrcpt=1 (queue active)
Jan 13 09:00:37 ip-172-31-32-76 postfix/smtp[26729]: connect to 127.0.0.1[127.0.0.1]:2525: Connection refused
Jan 13 09:00:37 ip-172-31-32-76 postfix/smtp[26729]: C43AE62D00: to=, relay=none, delay=22, delays=22/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:2525: Connection refused)
I have hidden the details for hostname and the email ID to which I want to send.
Please help me out in this regard.
I have also added the port 25 in the outbound and inbound port in the security groups for my instance.
Regards,
Anurag
I think another service is running on the same port. Run the command "netstat -tap" and check whether the same port is being used by something else.
connect to 127.0.0.1[127.0.0.1]:2525: Connection refused
Something is preventing Postfix from using this port. (Port 2525 is sometimes being used instead of 587 as an alternative smtp port. )
Verify which ports are listening:
netstat -tanp | grep LISTEN
If you see sendmail (or any other MTA except for Postfix):
tcp 0 0 127.0.0.1:2525 0.0.0.0:* LISTEN 1014/sendmail
get rid of it:
service sendmail stop
yum remove sendmail
Verify settings on the first table row in:
/etc/postfix/master.cf
If it says:
smtp inet n - n - - smtpd
postfix listens on port 25 and your security group settings make sense. IF the line says
2525 inet n - n - - smtpd
you are telling postfix to listen on port 2525 for incoming smtpd connections.
The line that says:
submission inet n - n - - smtpd
does not begin with a comment.
Verify iptables rules, adjust if necessary:
iptables -L -n
This could be unrelated but I'm going to post it here because I had a hard time finding the answer to my question. I was able to get outbound email working from a vagrant virtual box by editing my /etc/resolv.conf to use Google's nameserver rather than the 10.0.x.x IP it was set to:
sudo nano /etc/resolv.conf
Change the nameserver IP:
nameserver 8.8.8.8
Then you'll need to restart postfix:
sudo /etc/init.d/postfix restart
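The master.cf check in the answer above (first column is the service name or port, second is the type, and only uncommented "inet" lines open a socket) is easy to automate. The script below is an added example, not code from the answer or from Postfix itself; the master.cf fragment it reads is constructed to contain the three cases the answer describes.

```ruby
# Constructed master.cf fragment (not the page's): a normal smtpd line, a
# second smtpd bound to 2525, and a commented-out submission service.
SAMPLE_MASTER_CF = <<~CF
  # service type  private unpriv  chroot  wakeup  maxproc command + args
  smtp        inet  n       -       n       -       -       smtpd
  2525        inet  n       -       n       -       -       smtpd
  #submission inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/submission
  pickup      unix  n       -       n       60      1       pickup
  cleanup     unix  n       -       n       -       0       cleanup
CF

# Service names in the first column resolve to ports via /etc/services;
# a bare number such as 2525 is used as the port directly.
SERVICE_PORTS = { "smtp" => 25, "submission" => 587, "smtps" => 465 }.freeze

# Returns one hash per "inet" service (the only type that opens a TCP port),
# keeping commented-out entries with active: false. Indented "-o ..." option
# continuation lines belong to the previous service and are skipped.
def inet_services(master_cf)
  master_cf.each_line.map do |line|
    next if line.strip.empty? || line =~ /\A\s/
    active = !line.start_with?("#")
    f = line.sub(/\A#\s*/, "").split
    next unless f[1] == "inet" && f.size >= 8
    name = f[0].split(":").last          # strip a host prefix like 127.0.0.1:smtp
    { name: name, port: SERVICE_PORTS.fetch(name, name.to_i),
      command: f[7], active: active }
  end.compact
end

# The check from the answer above: an uncommented smtpd on port 25 is what the
# security-group rule for 25/tcp expects to find behind it.
def smtpd_on_port_25?(master_cf)
  inet_services(master_cf).any? { |s| s[:active] && s[:command] == "smtpd" && s[:port] == 25 }
end

# Any other uncommented smtpd listeners are worth a second look (2525 here).
def nonstandard_smtpd_ports(master_cf)
  inet_services(master_cf).select { |s| s[:active] && s[:command] == "smtpd" && s[:port] != 25 }
                          .map { |s| s[:port] }
end
```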