Can't open port on Amazon EC2 instance
From the netstat output, it seems that your app is listening on the loop-back interface only - 127.0.0.1:8080 - and so you are not able to connect to it from outside the instance.

See e.g. the ssh service - 0.0.0.0:22. This means the service is listening on "all network interfaces".

You need to reconfigure your application to make it listen not only on loop-back.

Another solution could be to add an iptables DNAT rule so incoming requests are forwarded to the loop-back interface.
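A quick way to run the check this answer describes on any host, as an added example that is not part of the original answer: a POSIX shell/awk function that parses `netstat -ltpn` output and reports whether a given port is bound only to loopback. The embedded sample is the netstat output from the question; the function names bind_scope and check_sample are this example's own.

```shell
#!/bin/sh
# Added example: report how a TCP port is bound, parsed from `netstat -ltpn` output.
# Embedded sample = the OP's netstat output from the question (so this runs offline).
# Live use: netstat -ltpn 2>/dev/null | bind_scope 8080

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      3941/uwsgi
tcp        0      0 0.0.0.0:58704           0.0.0.0:*               LISTEN      -
tcp        0      0 :::45589                :::*                    LISTEN      -
tcp        0      0 :::22                   :::*                    LISTEN      -
tcp        0      0 :::111                  :::*                    LISTEN      -'

# bind_scope PORT  (netstat -ltpn output on stdin) prints one word:
#   loopback-only   every listener on PORT is on 127.x or ::1 -> unreachable from outside
#   all-interfaces  some listener on PORT is on 0.0.0.0 / :: / a real interface address
#   not-listening   nothing listens on PORT (expect "connection refused" from outside)
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")          # port is after the last colon
            p = parts[n]
            a = substr(addr, 1, length(addr) - length(p) - 1)
            if (p != port) next
            found = 1
            if (!(a == "::1" || a ~ /^127\./)) wide = 1
        }
        END {
            if (!found)    print "not-listening"
            else if (wide) print "all-interfaces"
            else           print "loopback-only"
        }'
}

# check_sample PORT runs bind_scope over the embedded sample
check_sample() {
    printf '%s\n' "$SAMPLE_NETSTAT" | bind_scope "$1"
}
```

On the sample, port 8080 reports loopback-only (the uwsgi listener) while 22 reports all-interfaces, which is exactly the difference the answer points at.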
neustart47
Updated on September 18, 2022

Comments
- neustart47 over 1 year:

I have an API which I successfully hosted on an Amazon AMI instance. I know that for sure because I can use it locally using curl. The API is hosted on port 8080.

That's what I put into cmd to open the port:

    su
    iptables -I INPUT -p tcp --dport 8080 -m state --state NEW -j ACCEPT
    service iptables save
    /etc/init.d/iptables restart

I turned the firewall off as well:

    service iptables save
    service iptables stop
    chkconfig iptables off

That's how my out/in rules look in the AWS console:

And I still can't reach my app via the server's public IP from outside. Why is that happening?

UPDATE

Result for /sbin/iptables -L:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

UPDATE 2

netstat -ltpn result:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      3941/uwsgi
    tcp        0      0 0.0.0.0:58704           0.0.0.0:*               LISTEN      -
    tcp        0      0 :::45589                :::*                    LISTEN      -
    tcp        0      0 :::22                   :::*                    LISTEN      -
    tcp        0      0 :::111                  :::*                    LISTEN      -
- Ra_ about 7 years: Have a look at Network ACL and Route tables under the VPC Dashboard.
- user9517 about 7 years: What is the error message you get from outside?
- Berlin about 7 years: What's the output of /sbin/iptables -L?
- neustart47 about 7 years: @Thetimehascome I'm trying to check the port state via telnet and I get "Could not open connection to the host, on port 8080: Connect failed"
- neustart47 about 7 years: @Berlin I've added the result for this command to my question
- dsmsk80 about 7 years: Can you run the netstat -ltpn command to check what services are listening on the instance? Can you try to run tcpdump -n -i NET_IFACE port 8080 to see if traffic is coming in? Can you ssh to the instance over the public IP?!?
- user9517 about 7 years: Ensure that you are connecting to the correct IP address.
- neustart47 about 7 years: @Thetimehascome yes, I'm completely sure
- neustart47 about 7 years: @dsmsk80 I've updated the question.
- neustart47 about 7 years: @dsmsk80 that's what I see after the tcpdump command while trying to send a request to my application from outside: codeshare.io/GLjbB6
- user9517 about 7 years: It's odd that the OP isn't getting "Connection Refused", which is normally diagnostic of this situation.