Can't connect to one EC2 instance in the same security group of another accessible EC2 instance - amazon-web-services

I have two EC2 instances running Windows. They are both in the same security group which allows for all outgoing ports, but only RDP ports from my IP. What I can't figure out is that both, to my examination, have the same security and networking settings, but one connects through RDP but the other one doesn't.
Any suggestions for settings to look at?

After a few attempts at downloading the .rdp file, checking the inbound rules, and running nslookup myip.opendns.com resolver1.opendns.com to see my IP just to make sure I wasn't going crazy, what ultimately solved the problem was restarting my own computer and running the .rdp file. Not sure why, but maybe my computer was sending stale configuration data.

Related

Not able to telnet from one AWS instance to another (to resolve master_not_discovered_exception)

I have 2 AWS EC2 instances which have the same security group:
When I'm running curl -XGET 'http://localhost:9200/_cluster/state/master_node?pretty' from the nodes (works only on master), I get:
master_not_discovered_exception
I tried to telnet with port 9200 from one machine to another, and it doesn't work, so I think this is the root cause (I'm able to telnet from my local machine).
I followed this guideline
What else I should check?
Update:
telnet works thanks to the suggested solution; however, the issue still persisted. I was able to fix it after following this answer
It would be a good idea to check the following:
- Are both AWS machines in the same VPC/subnet?
- If they are not, are there any ACLs configured in any of the VPCs that would prevent communication? Check VPCs and subnets.
- If they are not, is routing configured between the machines?
- Does the security group allow connections to TCP 9200 from any machine, or from a specific IP/range/subnet? If this is the case, make sure the machines' IPs are included.
- Do you have any firewall running on the machines that could prevent connectivity? (If they are Linux machines, check firewalld/iptables, and disable it shortly for a test. If they are Windows machines, do the same test with Windows Firewall. If you do this test, make sure the machines are not reachable from external sources for the test duration.)

EC2 is not responding for ssh connection

Another bad day. I have all the configuration for my ec2 instance.
Until yesterday I was able to connect to it via SSH on my Mac, but I don't know why it's not connecting now.
Configuration is as below:
Security Group:-
I'm using the steps below as usual, and I'm in the same directory where mypleaks-inst.pem is kept.
My guess: Your security group that was applied was "launch-wizard-2", which by default sets exclusion rules. You need to associate that EC2 instance with one of the two security groups listed in your second screenshot to allow TCP connections on port 22 from the inbound IP range. Or you could modify launch-wizard-2 to incorporate the relevant rules to allow for SSH connection.
If you're sure nothing was changed on the AWS side, then perhaps your SSH service is down temporarily or permanently (the server was overloaded? You can do it with ease with T2.small).
Check NACL and routing, otherwise.

Can't connect to AWS RDS after setting up Security Groups

I am pretty confused; this is a procedure I've done lots of times in the past, without any issue.
My objective: after setting up an RDS, I create, and make sure is active, a Security Group allowing all incoming traffic from any IP, 0.0.0.0/0.
I am trying to connect from an external source to the server, yet I fail to, and I am having problems with how to further investigate what the issue is.
Access to port 1433 is open in the firewall I'm using.
I don't know how to proceed.
Kind regards,
Alejandro.

Port 8080 is still closed after adding a TCP custom rule to AWS Security Group

I have been dealing with a very messy problem which is that I need a new open port in my EC2 instance.
I have a node.js application running in this instance. To make that happen I had to open the port 3000 through adding a new inbound rule in the security groups, which worked perfectly.
Now, I need another port opened so I can send data from an external IP to that port.
I tried opening the port by adding a new inbound rule as well, but with no success. The port gets opened but just on localhost, not on the public or private IP, so I cannot telnet to the port.
I have tried adding it to the firewall iptables as well using the Ubuntu shell, but I have had no success with it.
I would really appreciate any help, any response. Thank you!!
I should comment to get something clarified by you, but due to low reputation I can't.
So, let's just ignore reputation or scoring and consider learning.
Here is a complete tutorial to add new ports in an AWS instance:
1. Open the Amazon EC2 console at EC2 Console.
2. In the navigation pane, choose Security Groups. Select the security group for your instance.
3. Choose Inbound, Edit, Add Rule.
4. For Type, choose accordingly.
5. Now comes the "Secure Field"; it decides which systems can access this port. So, if you want only your own or some other specific systems to access this machine, give their IPs, e.g. in IPV-6 format. Or, if you want this port open publicly, just enter 0.0.0.0 as the IP here.
6. Choose Save.
Please follow this tutorial, I am sure it will work. In your case I think you are missing the "Secure Field" thing.

Amazon Elastic IP issues

I've read a lot of questions already posted on this topic but none seem to provide an answer that helps, so forgive me for the duplicate post if I missed one...
I set up an Elastic Beanstalk single-instance application. I then ensured the EC2 instance that it spawned had a security group to allow port 80 incoming requests. I then created an Elastic IP and associated the EC2 instance with the IP, but neither the public DNS nor the Elastic IP will respond to HTTP requests.
Any ideas why this might be an issue for me?
In my case the problem was, even though I'd associated my elastic IP to my instance and created firewall rules in new security groups to provide access, I hadn't associated my new security groups with my instance. To fix this, I used the Change Security Groups menu from my Instances screen:
This caused the following popup to appear, where, sure enough, my new security groups existed but weren't associated with my instance:
After I (1) checked the appropriate boxes and (2) clicked on Assign Security Groups, all was well.
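The check from the answer above (a matching rule exists, but in a security group that is not attached to the instance), combined with the source-range check from the port 9200 answer earlier on this page, as an added example that is not from any of the posts. It works on data in the shape returned by `aws ec2 describe-instances` and `aws ec2 describe-security-groups`; the helper names, group IDs and addresses are constructed for illustration.

```python
import ipaddress

def rule_matches(perm, port, src_ip, src_groups):
    """True if one IpPermissions entry admits TCP `port` from the source."""
    proto = perm.get("IpProtocol")
    if proto != "-1":  # "-1" means all protocols and all ports
        if proto != "tcp":
            return False
        if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            return False
    ip = ipaddress.ip_address(src_ip)
    for r in perm.get("IpRanges", []):
        if ip in ipaddress.ip_network(r["CidrIp"], strict=False):
            return True
    # A rule can name a source security group instead of a CIDR range.
    return any(p["GroupId"] in src_groups
               for p in perm.get("UserIdGroupPairs", []))

def diagnose(instance, groups, port, src_ip, src_groups=()):
    """Return (allowed, attached_matches, unattached_matches)."""
    attached = {g["GroupId"] for g in instance["SecurityGroups"]}
    hits = [g["GroupId"] for g in groups
            if any(rule_matches(p, port, src_ip, set(src_groups))
                   for p in g.get("IpPermissions", []))]
    on = [g for g in hits if g in attached]
    off = [g for g in hits if g not in attached]  # rule exists, group unused
    return bool(on), on, off

# Constructed sample data: every ID and address below is made up.
INSTANCE = {"InstanceId": "i-0example",
            "SecurityGroups": [{"GroupId": "sg-default"}]}
GROUPS = [
    {"GroupId": "sg-default", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-default"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    # Port 80 is open in sg-web, but sg-web is not attached to the instance.
    print(diagnose(INSTANCE, GROUPS, 80, "198.51.100.7"))
    # A peer reaches 9200 only because a rule names its own group as source.
    print(diagnose(INSTANCE, GROUPS, 9200, "10.0.0.5", ["sg-default"]))
```

A non-empty third element means the rule was written but the group holding it was never assigned to the instance.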
In classic-EC2 scenario:
Make sure port 80 is allowed in your AWS security group.
Make sure port 80 is allowed in local operating based firewall on your system. OR disable the local firewall for the time being to narrow down the issue.
Make sure that your application is indeed listening on port 80. You can check this by running telnet 127.0.0.1 80.
If above 3 points are satisfied, I don't see a reason why you are not able to access your application on port 80.
Let us know in case you are using VPC and not classic-EC2.
BTW, when you attach elastic IP, the instance will drop the public DNS that it had earlier. So now you should work with elastic IP only.
I have had a case where the elastic IP address was itself not responding on a specific port number. When I associated the instance with a different elastic IP, everything worked fine. So I resolved the issue by allocating a new elastic IP address. Root cause: Amazon evidently does not have an effective internal process for validating the integrity of an elastic IP. Obviously that's a tall order considering the things outside their control that can happen, with denial of service attacks, etc.
It cost me a day of doing progressive isolation to get to this, which I would have never otherwise suspected.
Any chance there is also a firewall running on the machine? I know in Windows I usually need to open the port on the Windows firewall AND on Amazon's security.