Can't open port on Amazon EC2 instance


From the netstat output, it seems that your app is listening on the loop-back interface only - 127.0.0.1:8080 - and so you are not able to connect to it from outside of the instance.

See e.g. the ssh service - 0.0.0.0:22. This means the service is listening on "all network interfaces".

You need to reconfigure your application to make it listen not only on loop-back.

Another solution could be to add an iptables DNAT rule so incoming requests are forwarded to the loop-back interface.
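The check described in the answer, as an added example that is not part of the original answer: it classifies each TCP listener in `netstat -ltpn` output by bind scope, so a loopback-only service stands out before any time goes into security groups or iptables. The function names `classify_listeners` and `port_scope` are hypothetical; the sample lines are the netstat output posted in the question.

```bash
# Added example: classify TCP listeners from `netstat -ltpn` by bind scope.
# SAMPLE is copied from the netstat output in the question on this page.
SAMPLE='tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      -
tcp        0      0 127.0.0.1:8080              0.0.0.0:*                   LISTEN      3941/uwsgi
tcp        0      0 0.0.0.0:58704               0.0.0.0:*                   LISTEN      -
tcp        0      0 :::45589                    :::*                        LISTEN      -
tcp        0      0 :::22                       :::*                        LISTEN      -
tcp        0      0 :::111                      :::*                        LISTEN      -'

# classify_listeners: read netstat lines on stdin, print "port scope program".
classify_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        la = $4                                   # local address, e.g. 127.0.0.1:8080 or :::22
        n = split(la, parts, ":")
        port = parts[n]                           # port is whatever follows the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::")     scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback-only"
        else                                       scope = "single-address"
        print port, scope, $7
    }'
}

# port_scope PORT: summarise how far PORT is reachable, from listener lines on stdin.
port_scope() {
    classify_listeners | awk -v p="$1" '
        $1 == p { seen = 1; if ($2 != "loopback-only") ext = 1 }
        END { if (!seen)    print "not-listening"
              else if (ext) print "reachable-beyond-loopback"
              else          print "loopback-only" }'
}

# Run against the sample: port 8080 (uwsgi) is bound to loopback only.
printf '%s\n' "$SAMPLE" | classify_listeners
printf '8080: %s\n' "$(printf '%s\n' "$SAMPLE" | port_scope 8080)"
```

On a live instance, pipe the real output in with `netstat -ltpn | port_scope 8080`. Once the service is rebound to all interfaces, the security group and host firewall are the only things restricting who can reach it, so scope those rules before changing the bind address.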

Author by

neustart47

Updated on September 18, 2022

Comments

  • neustart47
    neustart47 over 1 year

    I have an API which I successfully hosted on an Amazon AMI instance. I know that for sure because I can use it locally using curl. The API is hosted on port 8080.

    That's what I put into cmd to open the port:

    su
    iptables -I INPUT -p tcp --dport 8080 -m state --state NEW -j ACCEPT
    service iptables save
    /etc/init.d/iptables restart
    

    I turned the firewall off as well:

    service iptables save
    service iptables stop
    chkconfig iptables off
    

    That's how my out/in rules look in the AWS console: [two screenshots]

    And I still can't reach my app via the server's public IP from outside. Why is that happening?

    UPDATE

    Result for /sbin/iptables -L :

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    

    UPDATE 2

    netstat -ltpn result:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -
    tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -
    tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      -
    tcp        0      0 127.0.0.1:8080              0.0.0.0:*                   LISTEN      3941/uwsgi
    tcp        0      0 0.0.0.0:58704               0.0.0.0:*                   LISTEN      -
    tcp        0      0 :::45589                    :::*                        LISTEN      -
    tcp        0      0 :::22                       :::*                        LISTEN      -
    tcp        0      0 :::111                      :::*                        LISTEN      -
    
    • Ra_
      Ra_ about 7 years
      Have a look at Network ACL and Route tables under VPC Dashboard.
    • user9517
      user9517 about 7 years
      What is the error message you get from outside?
    • Berlin
      Berlin about 7 years
      What's the output of /sbin/iptables -L?
    • neustart47
      neustart47 about 7 years
      @Thetimehascome I'm trying to check the port state via telnet and I get "Could not open connection to the host, on port 8080: Connect failed"
    • neustart47
      neustart47 about 7 years
      @Berlin I've added the result for this command to my question
    • dsmsk80
      dsmsk80 about 7 years
      Can you run netstat -ltpn command to check what services are listening on the instance? Can you try to run tcpdump -n -i NET_IFACE port 8080 to see if traffic is coming in? Can you ssh to the instance over the public IP?!?
    • user9517
      user9517 about 7 years
      Ensure that you are connecting to the correct IP address.
    • neustart47
      neustart47 about 7 years
      @Thetimehascome yes, I'm completely sure
    • neustart47
      neustart47 about 7 years
      @dsmsk80 I've updated the question.
    • neustart47
      neustart47 about 7 years
      @dsmsk80 that's what I see after running the tcpdump command and trying to send a request to my application from outside: codeshare.io/GLjbB6
  • user9517
    user9517 about 7 years
    It's odd that the OP isn't getting Connection Refused which is normally diagnostic of this situation.