I already did the configuration as the documentation sends and the door does not open.
Firewall Rules Config
Netstat on server
Nmap
Google Firewall rules are for just to allow traffic to the instance. In your case, seems you have to open the port 8080 from the server level.
Related
No ingress firewall rule allowing SSH found.
If the project uses the default ingress firewall rule for SSH, connections to all VMs are allowed on TCP port 22. If the VPC network that the VM’s ## Heading ##network interface is in has a custom firewall rule, make sure that the custom firewall rule allows ingress traffic on the VM’s SSH TCP port (usually, this is TCP port 22).
To investigate further, enable the VM's serial console. Then connect through the VM’s serial port, check the SSH server's listen port, and then compare the listen port number with the VM's firewall rules. The port numbers must match.
How to remove the network error, while initiating VM via SSH
This error can occur for several reasons. The following are some of the most common causes of the errors :
The VM is booting up and sshd is not running yet.
The firewall rule allowing SSH is missing or misconfigured.
sshd is running on a custom port.
Your custom SSH firewall rule doesn't allow traffic from Google
services.
The SSH connection failed after you upgraded the VM's kernel.
The sshd daemon isn't running or isn't configured properly.
The VM isn't booting and you can't connect using SSH or the serial
console.
The VM is booting in maintenance mode.
Please check for the above mentioned errors in serial port and refer to this documentation to resolve the issue.
You can also try these steps :
Stop the VM instance.
Click 'Edit' to edit the instance.
Under ‘Metadata' section, add 'startup-script' key, with value:
#! /bin/bash
sudo ufw allow 22
Click 'Save'
Start the instance again, and SSH into it
i want to open up port 8080 to https connections.
but the port number is locked at 443 for all https connections. http is also locked at 80 and ssh at 22.
the reason i want to do this is because the image below shows a dockerized django project working on my machine
but the image below shows the docker container not connecting in my ec2 container
how can i open up port 8080 to connect to my ec2 container from my browser.
update
evidence below of of it not connecting still
Port numbers are just conventions (or 'standards') used for particular protocols. You can certainly use different port numbers for your services.
If you have a web server running on 8080 that is expecting HTTPS connections, you would need to:
Select "Custom TCP" and port 8080 in the Security Group, then add the appropriate IP address range (such as 0.0.0.0/0 for the whole Internet, or perhaps just your specific IP address) -- you can ignore the 'protocol' field since is simply listing the 'standard' uses for each port number
Point your web browser to port 8080, such as:
https://ec2-54-91-36-1.compute-1.amazonaws.com:8080
Senario:
There are two servers running on different VPCs. Both servers are publically available.
Server-one(e.g. Public IP:13.126.233.125) is hosting one file on 8000 port and port 8000 inbound is open on all firewall installed on the server and security group.
Server-two wants to get that file with "wget command". Port 80 outbound Server-two is open. I tried to do "wget http://13.126.233.125:8000/file.txt", it shows connection refused. I had to open port 8000 in outbound of Server-two to make this work.
As per my logic, this should have worked without adding 8000 in out-bound list. Server-one is hosting on 8000, It's not compulsory for server-two to start the connection from 8000 port. server-two can use any ephemeral ports or port 80 as this is http connection.
Please explain why it's required to open out-bound port 8000 on server-two.
HTTP is a protocol that sits on top of TCP. Using port 80 is a convention and not a requirement. You can run HTTP (and HTTPS) on any port you want that is available. The way that TCP works, is that a process will open a TCP port (say 8000) and then "listen" on that port for connection attempts from other systems (local or remote). If you try to connect using port 80 on a system listening on port 8000, you will either connect to the wrong service or get connection refused. Only after the connection is accepted does ephemeral ports come into action.
If server A is running a service listening on port 8000, then server B needs to connect to server A using port 8000. This means that server B needs port 8000 open outbound in order to connect to port 8000.
In normal usage, you set (restrict) the inbound ports in a security group and allow ALL outbound ports. Only restrict outbound ports if you understand how TCP works and know exactly what you are doing and why. Otherwise leave all outbound ports open.
There are a few reasons to control outbound ports. For example, to prevent an instance from performing updates, to prevent an instance from communicating if was breached, etc. If you are controlling this level of communications, then you also need to understand how NACLs work and how to use each one.
AWS has some pretty good documentation that explains how security groups and NACLs work and how to use them.
Outbound firewalls are used to limit the connections to external services from within the network. That is why by default all outbound connections are enabled and inbound connections are disabled.
In this case, setting an outbound firewall on server 2 prohibits server 2 from making connections to port 8000 (and all others, except 80) of server 1. It is regardless of the port from which the connection is initiated.
I'm trying to connect to my Hansoft server on my AWS server that is running Windows Server.
I've tried opening all inbound traffic to test, but that hasn't worked. I'm able to ping the server so it's there.
Hansoft servers use default port 50256.
What else could I try?
Launch-wizard-1 security group settings below.
Inbound Security rules:
All Traffic, All protocols, All port range, Source 0.0.0.0/0
RDP, TCP Protocol, Port range 3389, Source 0.0.0.0/0
All ICMP, All protocols, Port range N/A, Source 0.0.0.0/0
Outbound Security rules:
All Traffic, All protocols, All port range, Source 0.0.0.0/0
Try the following:
Are you sure 100% the service is running?
While logged into the instance, can you 'telnet localhost 50256' and get a connection? Have you tested it locally and confirms it works?
Disable your local firewall and anti-virus.
Have you checked the local Windows Firewall on that server? That will block you in some configurations, so you need to check that. You may need a new inbound rule there.
I'm developing an application which will use AWS's SNS service to receive notifications over HTTP.
As I am developing the application locally and have no control of our company firewall, I am attempting to tunnel HTTP connections from an external EC2 host to my local machine for the purposes of testing.
Everything looks fine when verifying the connection from the EC2 host itself, however the port is closed when examined externally.
My local application is on port 2222. I have executed the following command on my local machine to establish the proxy:
ssh -i myCredentials.pem ec2-user#myserver.com -R 2222:localhost:2222
Where myserver.com points to an EC2 instance. SSH'ing to the EC2 instance, I can successfully connect to my application via the tunnel, and nmap displays the following:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00055s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
2222/tcp open EtherNet/IP-1
However when I run nmap against the EC2 instance from my local machine, the port is closed:
Nmap scan report for xxxxxx
Host is up (0.24s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
2222/tcp closed EtherNet/IP-1
The security group assigned to the server is allowing TCP traffic on ports 2222 on 0.0.0.0/0 and iptables isn't running on the server.
What do I need to do on the EC2 end to make this port open to the outside world?
The tunnelling command is correct, however in order for SSH to bind to the wildcard address, the following setting is required in /etc/ssh/sshd_config on the remote server:
GatewayPorts yes
Once this is added, restart sshd and the tunnelling will work as desired provided no firewalls are in the way.