opening port 80 on Ubuntu AWS

38,993

Solution 1

Yes, it is. It is like an easy-to-use version of iptables. To see the iptables firewall rules, try running:

$ sudo iptables -L

You can open port 80 by using:

$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

I can describe this line for you, if you need it. Just tell me :-)

Solution 2

This worked for me:

Run as root:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
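
The evidence posted in the question (no listener on port 80, an INPUT policy of ACCEPT, and a `BindException: Permission denied` in catalina.out) can be triaged mechanically. The script below is an added example, not part of either answer; the function names are hypothetical and the sample input is copied from the question's own output.

```shell
#!/usr/bin/env bash
# Added example: triage "connection refused" from saved command output.

# has_listener PORT NETSTAT_TEXT: exit 0 if a LISTEN socket is bound to exactly PORT.
# (An exact match on the port field; `grep :80` also matches 8005 and 8080.)
has_listener() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
    END { exit !found }'
}

# input_blocks IPTABLES_S_TEXT: exit 0 if the INPUT chain could drop traffic
# (non-ACCEPT policy, or any DROP/REJECT rule). Coarse on purpose.
input_blocks() {
  printf '%s\n' "$1" | awk '
    $1 == "-P" && $2 == "INPUT" && $3 != "ACCEPT" { b = 1 }
    $1 == "-A" && $2 == "INPUT" && /-j (DROP|REJECT)/ { b = 1 }
    END { exit !b }'
}

# bind_denied PORT LOG_TEXT: exit 0 if the log records a refused bind on PORT.
bind_denied() {
  printf '%s\n' "$2" | grep -Eq "BindException: Permission denied .*:$1\$"
}

# diagnose PORT NETSTAT_TEXT IPTABLES_S_TEXT LOG_TEXT: print one verdict line.
diagnose() {
  if has_listener "$1" "$2"; then
    if input_blocks "$3"; then echo "listening; review INPUT rules"
    else echo "listening; INPUT chain does not block"; fi
  elif bind_denied "$1" "$4"; then
    echo "no listener: bind to privileged port denied"
  else
    echo "no listener: service not bound to port"
  fi
}

# Sample input: lines copied from the question's output (port changed to 80).
NETSTAT_AFTER='tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN'
NETSTAT_BEFORE="$NETSTAT_AFTER
tcp6       0      0 :::8080                 :::*                    LISTEN"
IPTABLES_S='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
CATALINA_LOG='java.net.BindException: Permission denied <null>:80'

diagnose 80 "$NETSTAT_AFTER" "$IPTABLES_S" "$CATALINA_LOG"
diagnose 8080 "$NETSTAT_BEFORE" "$IPTABLES_S" "$CATALINA_LOG"
```

On the question's data the verdict for port 80 is the bind failure, so an extra INPUT ACCEPT rule changes nothing, while redirecting port 80 to 8080 lets Tomcat keep running unprivileged on 8080.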

gesus
Author by

gesus

Updated on September 18, 2022

Comments

  • gesus
    gesus over 1 year

    I'm running a Tomcat server on an Ubuntu machine hosted in an AWS instance. I can reach the server via public_ip:8080, but when I change the listening port in server.xml from 8080 to 80, the connection is refused by the remote host.

    Port number 80 is enabled on AWS firewall.

    I checked ufw via sudo ufw status but the result is inactive.

    Is ufw a front-end of the underlying firewall mechanism?

    How can I enable port 80 on the firewall?

    Thanks in advance.

    Output of iptables -S:

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    

    Output of netstat -punta

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      785/mysqld
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      613/sshd
    tcp        0      0 172.31.1.56:22          92.45.23.114:3913       ESTABLISHED 5825/sshd: ubuntu [
    tcp        0      0 172.31.1.56:22          92.45.23.114:19374      ESTABLISHED 7320/sshd: ubuntu [
    tcp        0      0 172.31.1.56:22          92.45.23.114:28051      ESTABLISHED 6901/sshd: ubuntu [
    tcp        0    272 172.31.1.56:22          92.45.23.114:9327       ESTABLISHED 7428/sshd: ubuntu [
    tcp        0      0 172.31.1.56:22          92.45.23.114:7597       ESTABLISHED 7034/sshd: ubuntu [
    tcp        0      0 127.0.0.1:3306          127.0.0.1:45655         ESTABLISHED 785/mysqld
    tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      7275/java
    tcp6       0      0 :::8080                 :::*                    LISTEN      7275/java
    tcp6       0      0 :::22                   :::*                    LISTEN      613/sshd
    tcp6       0      0 127.0.0.1:45655         127.0.0.1:3306          ESTABLISHED 7275/java
    udp        0      0 0.0.0.0:68              0.0.0.0:*                           538/dhclient3
    

    Output of netstat -na |grep \:80 before changing port to 80 :

    tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN
    tcp6       0      0 :::8080                 :::*                    LISTEN
    

    Output of netstat -na |grep \:80 after changing port to 80 :

    tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN
    

    Output of browser on port 80:

    ERROR
    
    The requested URL could not be retrieved
    
    The following error was encountered while trying to retrieve the URL: http://54.194.236.229/TransportationAutomation/personnel.xhtml
    
    Connection to 54.194.236.229 failed.
    
    The system returned: (111) Connection refused
    
    The remote host or network may be down. Please try the request again.
    
    Your cache administrator is webmaster.
    
    
    Generated Fri, 14 Feb 2014 15:01:06 GMT by proxy (squid/2.7.STABLE7)
    

    Port definition part of server.xml

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />
    

    part of Catalina.out when starting tomcat on port 80 :

    Feb 14, 2014 3:04:25 PM org.apache.coyote.AbstractProtocol init
    SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-80"]
    java.net.BindException: Permission denied <null>:80
      at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:391)
      at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:554)
      at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:409)
      at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
      at org.apache.catalina.connector.Connector.initInternal(Connector.java:956)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
      at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
      at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:815)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:594)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:619)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449)
    Caused by: java.net.BindException: Permission denied
      at java.net.PlainSocketImpl.socketBind(Native Method)
      at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376)
      at java.net.ServerSocket.bind(ServerSocket.java:376)
      at java.net.ServerSocket.<init>(ServerSocket.java:237)
      at java.net.ServerSocket.<init>(ServerSocket.java:181)
      at org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:49)
      at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:378)
    ... 17 more 
    

    UPDATE 2:

    I installed tomcat via apt-get so it's a repackaged version of tomcat. Here it says that running tomcat as root will solve the problem but here it says Tomcat should not be run under the root user. Isn't there any possible way to handle it with the repackaged tomcat instance?

    UPDATE 3:

    I guess this is the answer to my question

    • Daniel Widrick
      Daniel Widrick over 10 years
      Please consider including the relevant sections of your server.xml, the output of iptables -S, and ideally the relevant output from netstat -punta with tomcat running.
    • David Levesque
      David Levesque over 10 years
      If you installed Tomcat using apt-get, I just want to point out that changing the port in server.xml is usually not enough, because port 80 is a privileged port. Did you check in catalina.out to see if you have any error message?
    • meatflag
      meatflag over 10 years
      Before you change the port in server.xml, what is the output of netstat -na |grep \:80? Then after you change the port in server.xml and restart jetty what is the output of netstat -na |grep \:80? This does not seem to be a firewall issue.
  • gesus
    gesus over 10 years
    Output of sudo iptables -L is: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination. It would be perfect to describe the line that aims to open the port 80. Thanks in advance.
  • KoKo
    KoKo about 9 years
    I run your command and port 80 is open, and I can access my website. Then after I reboot, the port is closed again, I have to re-open it each time. Is there a way to permanently open it? I'm running Ubuntu 14.04 LTS on a VPS
  • Hammad Hassan
    Hammad Hassan almost 7 years
    Being a new person on AWS Server EC2 (Ubuntu) spent a lot of time on many things. I used your command to open a customized port and it worked. Although I have already added that customized port in Security Group, inbound section but still was unable to access. After running your command my website is running on my app needed server at customized port. Really helpful.