I am using ubuntu 18.04 in my GCP and have setup my firewalls to listen to port 5000 by default:
my output for netstat -tupln:
when I open <my-ip-address>:5000 I can access my hosted website, but when I try to do <my-ipaddress> It says connection refused. I don't know why it says show as I have changed default port on firewall as well. Can someone please help me out here?
when you open up the public address in a web browser it will go to the server looking for an application running on port 80 or 443 in case of https request. That is why the connection is refused because your firebase only allows for 5000 port request will be forward to your machine.
Related
I have an ec2 instance on which i login as:
ssh -L 5001:localhost:5000 sumit#<public DNS>
I have an application (superset) which I run as:
2020-04-01 08:18:24,531:INFO:root:logging was configured successfully
2020-04-01 08:18:24,620:INFO:root:Configured event logger of type <class 'superset.utils.log.DBEventLogger'>
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
2020-04-01 08:18:25,600:INFO:werkzeug: * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
Now when I open my browser and type, then it works:
http://127.0.0.1:5001/
I already have setup all http and https traffic:
Now when I change 127.0.0.1 to the aws public dns address it doesn't work. Please let me know what am I missing?
You method is using something call Port Forwarding.
This command:
ssh -L 5001:localhost:5000 sumit#<public DNS>
is saying: "Please SSH into the instance, and also forward port 5001 on this computer to the other computer, and ask it to send the traffic to localhost:5000."
Therefore, any traffic sent to port 5001 on your computer will be forwarded to port 5001 on the target computer. This is a good way of preventing other people from being able to access port 5000 on that computer, unless they are able to SSH into the instance (presumably using a private key).
Accessing http://127.0.0.1:5001/ means it will go to port 5001 on your computer. It would be the same as going to http://localhost:5001 on your own computer.
The flow is: 127.0.0.1:5001 -> via SSH connection -> localhost:5000 on other computer
Changing it to http://DNS-NAME:5001 will try to connect to port 5001 on the destination computer, which is not a port that is in use. You could try changing it to connect to http://DNS-NAME:5000 (which is the port where the application seems to be running) and opening the Security Group to allow port 5000, but that would probably violate the security that somebody probably wanted to put in place.
I am facing ERR_CONNECTION_REFUSED / The site can't be reached issue with my ec2 instance(Amazon linux ami)
When I used telnet <publicIP> 80 it says
Trying
telnet: connect to address : Connection refused
The security group is open to port 80 for Inbound
When I use telnet <publicIP> 22 it hangs
Any help is highly appreciated. Thanks in advance.
What are you trying to do? If you want to just start a server, you need to enable a server on the machine (SSH). Then you can access your web server via IP (if that's what you want).
If you don't open a server, the connection will be refused.
I'm trying to setup a VNC server on my GCE instance running debian. Normally I connect over SSH, but I need a graphical interface for some other use cases. I have a very basic firewall rule that looks like this
But when I use netcat to check the external IP on port 5901 I get that the connection is refused. Checking a port like 22 works, but none of the other ones let me connect. Am I missing a step here?
The most common problem related to your issue is that the application / server is configured for localhost or 127.0.0.1, which means accept connections only on the local machine. You need to bind with 0.0.0.0 which means listen on all available networks.
When connecting from the public network (outside your system) Connection refused means that nobody is listening. This is not a firewall rule issue as the error message indicates that the connection is not being blocked (no response) versus refused (permission denied).
Connect to your instance via SSH. Then run this command: netstat -a. Look for a line that says LISTENING on your port number. Then look at the IP address. If it shows 127.0.0.1, this is your problem. If you do not see your port number in LISTENING state, then you do not have a process listening on that port.
I created a new Ubuntu T2 Micro instance on EC2.
Created a new Elastic IP and selected "EIP used in: VPC"
Associated the address to my new EC2 Ubuntu instance.
I now have a Private IP and a Public/Elastic IP. No Public DNS.
My security group has SSH port 22 and HTTP port 80 open.
I can connect to the instance just fine through SSH using the Public IP, but when I try to browse to the Public IP through the browser it says connection refused. I can't ping it either.
I'm out of ideas.
Amazon EC2 HTTP connection refused, but HTTP port is open
That's already proven by the fact that you got 'connection refused'. If the port wasn't open it would have been 'connect timeout'.
'Connection refused' means that the service you tried to connect to wasn't listening at that port. Possibly it isn't started at all, or even installed.
You need to install a web server on your machine, such as Apache or Nginx. This is not provided by default in EC2.
go to security groups --> edit inbound rules --> add rule (add a custom TCP port 8888 with 0.0.0.0/0 ).
There are two major things that can happen to your web server.
Connection refused :- Which means there is no service running (http/JBOSS/nginx) on your server which is available to accept connections on port specified (which is 80 in this case)
Connection timed out :- Would mean server is not able to process any incoming connection hitting it at port 80. Once you fix the security group and your NACL (if you don't have a default one), then you need to re-check to see if it's service which is giving out the error, not to forget that the error response will change.
I have 2 instances set up in EC2. One is running nginx and has an association with the elastic IP address, so its publicly accessible.
The other doesn't have a web server but has a RESTful server running on port 8080.
Both belong to a security group with these rules:
Ports Protocol Source MongoDB-2-2-2-AutogenByAWSMP-
22 tcp 0.0.0.0/0
80 tcp 0.0.0.0/0
8080 tcp 0.0.0.0/0
If I understand that right then port 8080 should be open.
If I ssh onto my web box (with nginx running) I'm trying to test access to my RESTful server on the other instance:8080, so I tried:
curl http://10.151.87.76:8080/1/tlc/ping
curl http://ip-10-151-87-76:8080/1/tlc/ping
curl http://ip-10-151-87-76.ec2.internal:8080/1/tlc/ping
All of these gave me "couldn't connect to host" errors.
If I log onto the RESTful box directly and do the following, it works.
curl localhost:8080/1/tlc/ping
So I know my service is up and healthy.
Any ideas why I can't see port 8080 from the other instance are appreciated.
Make sure instances are in the same availability zone. If not, you may need to access the instance by public DNS name (something like ec2-XXX-XX-XXX-XXX.YYY.amazonaws.com).
Make sure 10.151.87.76 is the correct IP. Note that this will probably change after the instance is stopped and started again.
Make sure your headless service is publicly available -- it may listen on localhost:8080 only but should listen on 0.0.0.0:8080. Try nmap 10.151.87.76 -p 8080 from other instance, it should list 8080 as open port.
Make sure your headless service is publicly available << so this is the reason. What web server are you using for REST API? If it is Apache, make sure config says Listen 8080, not Listen 1.2.3.4:8080. If it is standalone app, make sure it can listen on all interfaces -- some clients will listen on localhost by default. – hudolejev 54 mins ago
This! Buried deep (deep) within my code was a piece of the server wired to "localhost". Changed that to key off hostname and all was well! Happy.