I have cluster with two Debian servers on gcp. Both servers behave as ntp server. When I tried to use on my laptop ntpdate with IP of one of server it returns:
9 Nov 14:05:05 ntpdate[9406]: adjust time server IP offset -0.017810 sec
I would like to use gcp load balancer for ntp but it does not work. I tried command ntpdate LB_IP
on my laptop and on different gcp server in same network and on both I got response "no server suitable for synchronization found". I use same LB for another application in cluster running on TCP port which works fine via LB.
LB for ntp has frontend UDP with public LB IP and port 123. Backend for instance group with both servers where I set port name mapping ntp 123. Health check is done via tcp port (gcp shows server healthy).
I see in wireshark on my laptop request without response. Request contains:
Source: 10.0.2.15
Destination: LB_IP
Protocol: UDP (17)
User Datagram Protocol, Src Port: 123, Dst Port: 123
Can anyone know why LB not response on UPD port 123?
Related
i want to open up port 8080 to https connections.
but the port number is locked at 443 for all https connections. http is also locked at 80 and ssh at 22.
the reason i want to do this is because the image below shows a dockerized django project working on my machine
but the image below shows the docker container not connecting in my ec2 container
how can i open up port 8080 to connect to my ec2 container from my browser.
update
evidence below of of it not connecting still
Port numbers are just conventions (or 'standards') used for particular protocols. You can certainly use different port numbers for your services.
If you have a web server running on 8080 that is expecting HTTPS connections, you would need to:
Select "Custom TCP" and port 8080 in the Security Group, then add the appropriate IP address range (such as 0.0.0.0/0 for the whole Internet, or perhaps just your specific IP address) -- you can ignore the 'protocol' field since is simply listing the 'standard' uses for each port number
Point your web browser to port 8080, such as:
https://ec2-54-91-36-1.compute-1.amazonaws.com:8080
I have some ec2 machine that run the same code on different ports.
I want to use the aws loadbalancer to route the requests to different ports every time.
for example:
post to port 80 will send to port 4000
post to port 80 will send to port 4001
post to port 80 will send to port 4002
Can i do it?
Thank You
I have Elasticseasrch and Kibana installed on EC2 instance where I am able to access Elasticsearch using on this url http://public-ip/9200. But I am unable to access Kibana using http://public-ip/5601.
I have configured kibana.yml and added certain fields.
server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: 0.0.0.0:9200
On doing wget http://localhost:5601 I am getting below output:
--2022-06-10 11:23:37-- http://localhost:5601/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:5601... connected.
HTTP request sent, awaiting response... 200 OK
Length: 83731 (82K) [text/html]
Saving to: ‘index.html’
What am I doing wrong?
Server Host set to 0.0.0.0 means it should be accessible from outside localhost but double check that the listener is actually listening for external connections on that port using netstat -nltpu. The server is also accessible on it's public IP on port 9200 so try the following:
EC2 Security Group should inbound TCP traffic on that port 5601 from your IP address.
Network ACLs should allow inbound/outbound TCP traffic on port 5601.
OS firewall ( e.g. ufw or firewalld ) should allow traffic on that port. You can run iptables -L -nxv to check the firewall rules.
Try connecting to that port from a different EC2 instance in the same VPC. It is possible that what ever internet connection you are using may have a firewall blocking connections on that port. This is common with corporate firewalls.
If these fail, next you want to check if the packets are reaching your EC2 instance so you can run a packet capture on that port using tcpdump -ni any port 5601 and check if you have any packets coming in/out on that port.
if you don't see any packets on tcpdump, use VPC Flow Logs to see if packets are coming in/out that port.
Considering the kibana port (5601 ) is open via security groups
I could able to resolve the issue by updating config server.host:localhost to server.host:0.0.0.0
and elasticsearch.hosts: ["http://localhost:9200"] (in my case kibana and ES both are running on the same machine) in kibana.yml
https://discuss.elastic.co/t/kibana-url-gives-connection-refused-from-outside-machine/122067/8
I am setting up an application load balancer.
The ALB, has 1 listener
http: 80 to the target-group
target-group has port 3000
I also have an auto scaling group that points to the target group and is setup to create 2 instances.
Cluster group is setup, with service that runs 4 tasks.
I setup the service to use the alb and http:80 port. The
task created has a dynamic host port and container port 3000.
I have checked my security groups and I have inbound setup to accept port 3000, and 80 and outbound takes all traffic.
All the instances in the target-group are unhealthy
I can ssh into the ec2 instances and docker ps -a returns two docker containers.
I logged out and ran curl -i ec2-user#ec2-22-236-243-39.compute-4.amazonaws.com:3000/health-check-target-page I get
Failed to connect to ec2-user#ec2-22-236-243-39.compute-4.amazonaws.com port 3000: Connection refused
I tried same command with port 80 and I get
curl: (56) Recv failure: Connection reset by peer
I'm still learning AWS so hope this info helps. Let me know what I am missing here.
Thanks!
I'm developing an application which will use AWS's SNS service to receive notifications over HTTP.
As I am developing the application locally and have no control of our company firewall, I am attempting to tunnel HTTP connections from an external EC2 host to my local machine for the purposes of testing.
Everything looks fine when verifying the connection from the EC2 host itself, however the port is closed when examined externally.
My local application is on port 2222. I have executed the following command on my local machine to establish the proxy:
ssh -i myCredentials.pem ec2-user#myserver.com -R 2222:localhost:2222
Where myserver.com points to an EC2 instance. SSH'ing to the EC2 instance, I can successfully connect to my application via the tunnel, and nmap displays the following:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00055s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
2222/tcp open EtherNet/IP-1
However when I run nmap against the EC2 instance from my local machine, the port is closed:
Nmap scan report for xxxxxx
Host is up (0.24s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
2222/tcp closed EtherNet/IP-1
The security group assigned to the server is allowing TCP traffic on ports 2222 on 0.0.0.0/0 and iptables isn't running on the server.
What do I need to do on the EC2 end to make this port open to the outside world?
The tunnelling command is correct, however in order for SSH to bind to the wildcard address, the following setting is required in /etc/ssh/sshd_config on the remote server:
GatewayPorts yes
Once this is added, restart sshd and the tunnelling will work as desired provided no firewalls are in the way.