Disabling the firewall in Ubuntu on an Amazon EC2 instance
NOTE: You will have to have access to the AWS dashboard in order to follow this procedure:
In your AWS Dashboard, please go to Services > Compute > EC2 so you can see all your EC2 instances (make sure you are in the correct region).
Once in the EC2 dashboard, go to the "Instances" tab. Once there, locate the instance in which you want to disable the firewall. Click on it and you should be able to see a summary of the instance in the lower part of the website. After that, go to the Security Group section and click on "view inbound rules". There you will be able to see all the open ports your instance has.
To modify such ports, you actually need to modify the Security Group rules your instance is attached to. To do so, click on the security group name in the panel where the "view inbound rules" was. It should take you to another page where you will be able to edit all the firewall rules.
I hope this helps!
Cheers!
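The inbound-rule check described in the answer above can also be run offline against the JSON that `aws ec2 describe-security-groups` returns. This is an added example, not part of the original answer; the sample data, the group ID and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}
]}]}
""")

def rule_covers_port(perm, port, proto="tcp"):
    """True if an IpPermissions entry covers proto/port ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return (perm["IpProtocol"] == proto
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def sources_for_port(groups, port):
    """All CIDRs (IPv4 and IPv6) allowed to reach `port` across the groups."""
    cidrs = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if rule_covers_port(perm, port):
                cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
                cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs

def diagnose_ssh(groups, client_ip, port=22):
    """Classify the security-group side of an SSH timeout."""
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(c) for c in sources_for_port(groups, port)]
    allowed = any(ip.version == n.version and ip in n for n in nets)
    world_open = any(n.prefixlen == 0 for n in nets)
    if not allowed:
        return "blocked-by-security-group"
    # The security group lets the client in, so a timeout now points past it:
    # network ACL, routing, or a host firewall such as ufw.
    return "allowed-world-open" if world_open else "allowed-restricted"
```

An "allowed" verdict together with a continuing timeout means the security group is not the cause; "allowed-world-open" additionally flags the 0.0.0.0/0 rule on port 22 that should be narrowed to a known address.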
Anderson
Updated on June 04, 2022
Comments
-
Anderson almost 2 years
How do I disable the Ubuntu server firewall running inside an Amazon instance without using SSH? I am not able to access it via SSH because of a timeout error; I think there is a firewall on the server blocking it, but I cannot disable it precisely because I cannot access the server. I need to somehow disable it directly from the Amazon web console. How do I do that?
I already configured the security group in several ways, so I finally left it, with all the ports open for testing.
My route table is:
My ACLs are:
Already tried to connect like this using openssh:
ssh -i "c:\key\owlcom.pem" [email protected]
and so
ssh -i "C:\key\owlcom.pem" X.X.X.X <- elastic ip
and so
ssh -i "C:\key\owlcom.pem" [email protected]
None of them works on any of my computers using openssh or putty, with putty set up correctly with the key.ppk
-
John Hanley over 6 years
Add the following information to your question. 1) Post your security group. 2) Post your NACL. 3) Is your Ubuntu server in a private or public subnet? 4) Post your route table for the VPC. 5) Post your route table for the subnet. 6) Do you have an EIP address or Public IP address assigned to your EC2 instance?
-
Asdfg over 6 years
You should not add a 0.0.0.0/0 Ingress rule on port 22. It is a bad practice. Instead, if you must, whitelist your IP address in Ingress.
-
Anderson over 6 years
I'll edit the question with the information
-
kdgregory over 6 years
FYI: EC2 public DNS entries are built from the public IP. So smudging one and not the other is pointless.
-
kdgregory over 6 years
Have you verified that you can use SSH to connect from your computer to any other computer? It's possible that there's an outbound firewall rule at your place of work that prevents this connection.
-
kdgregory over 6 years
And lastly, I'd stick with the default network ACLs and use security groups to control access.
-
kdgregory over 6 years
Real lastly: what are the outbound rules for your network ACL?
-
Anderson over 6 years
100 - ALL Traffic - ALL - ALL - 0.0.0.0/0 - ALLOW
-
Anderson over 6 years
* - ALL Traffic - ALL - ALL - 0.0.0.0/0 - DENY
-
Anderson over 6 years
I removed the input rule that I created with my IP (SSH) and kept only the default again. Same problem.
-
John Hanley over 6 years
Please post the route table for subnet-4168e309
-
Anderson over 6 years
Solved! Uncomplicated Firewall
-
ShivarajRH about 3 years
None of the above solutions worked for me; finally, I disabled the instance firewall setting using AWS Session Manager.
-
Robin Ding over 2 years
@Anderson, how did you solve the issue? I think I have encountered a similar problem to yours. Here is my case: I enabled the firewall by using the ufw command when I logged in to my EC2 instance; after I logged out and tried to SSH again, SSH didn't work and showed a timeout. Thanks in advance if you can share your solution.
-
-
Brendan Samek over 6 years
If you're using IPv6 visit the source and there are instructions there.
-
Anderson over 6 years
Hello, I have already done all these procedures, but nothing worked. I have been trying for 3 days; I have already followed several tutorials, videos, and Amazon help, but even though everything seems to be correct, the same error continues.
-
Anderson over 6 years
I will accept your answer because it answers the question I asked, about the firewall, but unfortunately the problem continues; even after modifying it I cannot access via SSH. Timeout error.
-
idelara over 6 years
You need to explicitly allow connections to port 22 via TCP. If you edit your security group and add an exception to allow anywhere (not recommended) or only your IP (the better approach) to connect via SSH, it will work
-
Anderson over 6 years
Yes, I did it, but it still does not work.
-
idelara over 6 years
Could you please post the exact command you are using to connect to your instance? Please use x's for your instance's IP.
-
Brendan Samek over 6 years
Can you post the Security Groups and their settings that are attached to the instance?
-
Anderson over 6 years
I'll edit the question with the information
-
Anderson over 6 years
Yes. I'm editing the question now.
-
Anderson over 6 years
Question changed.
-
Anderson over 6 years
Question changed.
-
idelara over 6 years
@Anderson what is the error output by putty or openssh... have you tried it using cygwin?
-
Anderson over 6 years
Network Error: Timed out. I have not tried cygwin. In the Mac prompt the same errors occur.
-
idelara over 6 years
Try this in your mac: Copy your pem file to the dir ~/.ssh. Once you have your owlcom.pem file in that dir go ahead and execute the following: ssh -i ~/.ssh/owlcom.pem [email protected]. Does it still time-out? NOTE: You might have to run sudo chmod 700 ~/.ssh/owlcom.pem after you copy the file or the terminal might complain about the file permissions
-
Nikster2014 almost 3 years
I don't know how this is the accepted answer! You cannot change firewall rules from the security group... There are four ways of getting access to your instance as outlined here: aws.amazon.com/premiumsupport/knowledge-center/… I chose Method 4 and regained access to my instance...
-
Job M over 2 years
saved my long days :)