I cannot connect to my fresh new instance of SQL Server Express Edition from the Internet.
~$ sudo nc -vz <HOST>.eu-west-3.rds.amazonaws.com 1433
nc: connect to <HOST>.eu-west-3.rds.amazonaws.com port 1433 (tcp) failed: Connection timed out
I have already configured AWS security group assigned to this database instance. My inbound and outbound rules are:
type: all trafic
protocol: all
port range: all
source: ::/0
Also, everything looks fine on AWS Management Console:
DB instance status: available
Pending maintenance: none
Publicly accessible: Yes
Locally, I have also disabled my ufw:
~$ sudo ufw status verbose
Status: inactive
and iptables:
~$ sudo iptables -P INPUT ACCEPT && sudo iptables -P OUTPUT ACCEPT && sudo iptables -P FORWARD ACCEPT && sudo iptables -F
But still, nothing works. (the same happens both to my SQL Server Express Edition and PostgreSQL 9.4.15 on AWS)
According to your description I assume you want to access your RDS from Internet.
In order to access the RDS ensure this points:
RDS must be in a public VPC subnet.
RDS must be configured with "Public accessibility" = "Yes"
Security Group should contain 0.0.0.0/0 (IPv4) and ::/0 (IPv6)
Related
I tested AWS EC2 Amazon Linux and Ubuntu 18.04.
Tomcat is reachable from localhost:8081, but not from outside network
After pulling thee tomcat image
docker pull tomcat
Then running a container with port mapping:
docker run -d --name container-test -p 8081:8080 tomcat
Tomcat web page is not accessible, says:
This site can’t be reached 13.49.148.112:8081 took too long to respond.
But if doing this way, it's working fine.
docker run -d --name container-test2 -p 8080:8080 tomcat
I opened ALL ALL ALL in AWS security groups.
netstat shows that ports are listening correctly
ACLs are at default rule 100 allowing everything
I also did nmap this and found out the port is filtered:
$nmap -p8081 172.217.27.174
PORT STATE SERVICE
8081/tcp filtered blackice-icecap
Tried to add a rule to iptables but no luck:
iptables -I INPUT 3 -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp --dport 8081 -m state --state New -j ACCEPT
What can be done?
UPDATE:
Spent 2 good days to solve the issue with Amazon Linux2, but no success at all, switched to Ubuntu 22.04 and it's working. Also, same setup works on diff ami image in Mumbai region,
hence there is a high chance the image is faulty in Stockholm region specifically.
could be one of this:
check the port mappings of the container of your task definition
check the entries of the NACL (access control list) of your subnet (check if its public)
check if you allowed the trafic in the security group for your ip or 0.0.0.0/0
I am unable to connect to my EC2 instance via its public dns on a browser, even though for security groups "default and "launch-wizard-1" port 80 is open for inbound and outbound traffic.
It may be important I note that I have a docker image that is running in the instance, one I launched with:
docker run -d -p 80:80 elasticsearch
I'm under the impression this forwards port 80 of the container to port 80 of the EC2 instance, correct?
The problem was that elasticsearch serves http over port 9200.
So the correct command was:
docker run -d -p 80:9200 elasticsearch
The command was run under root.
I'm running Bitnami MEAN on an EC2 instance. I can host my app just fine on port 3000 or 8080. Currently if I don't specify a port I'm taken to the Bitnami MEAN homepage. I'd like to be able to access my app by directly from my EC2 public dns without specifying a port in the url. How can I accomplish this?
The simple way to do that is Port Forwarding by using below command:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
After logging into the AWS using putty by having private key & with username "bitnami". Type the above command & enter.
Then, you will automatically redirected to your application.
Note : I am assuming, you have already configure port 8080 to security group on AWS
You'll have to open port 80 on the server's firewall, and either run your server on port 80 or forward port 80 to port 8080. You'll need to lookup the instructions for doing that based on what version of Linux you are running, but it is probably going to be an iptables command.
You'll also need to open port 80 on the EC2 server's security group.
I cannot connect to a aws Redshift cluster, but I am able to connect with exactly the same configuration when I'm using a different Wifi. Here are some details:
I use mac with SQL Workbench/J with AWS Redshift driver.
The error I'm getting:
[Amazon] (500150) Error setting/closing connection: Operation timed out.
Using Wireshark I see outbound TCP request with no answer.
When I set my smart phone as a hot spot (instead of using my home Wifi) - the same connection works fine.
Here are my security group details:
Inbound: Redshift TCP 5439 0.0.0.0/0
Outbound: All traffic All All 0.0.0.0/0
Also, I tested this on two different aws accounts - same problem on both.
Any idea would be of great help
found an answer here:
http://docs.aws.amazon.com/redshift/latest/mgmt/connecting-firewall-guidance.html
Idle connections are terminated by an intermediate network component (e.g firewall). To solve (on mac):
sudo sysctl net.inet.tcp.keepintvl=20000
sudo sysctl net.inet.tcp.keepidle=20000
sudo sysctl net.inet.tcp.keepinit=20000
sudo sysctl net.inet.tcp.always_keepalive=1
If this works, add the following to /etc/sysctl.conf to persist:
net.inet.tcp.keepidle=20000
net.inet.tcp.keepintvl=20000
net.inet.tcp.keepinit=20000
net.inet.tcp.always_keepalive=1
And after restart, to test:
sysctl net.inet.tcp.keepidle
sysctl net.inet.tcp.keepintvl
sysctl net.inet.tcp.keepinit
sysctl net.inet.tcp.always_keepalive
To change DSN timeout settings
I am not able to connect to my Redis server from remote AWS instance (both instances are in same VPC though)...
I have launched CentOS 6 instance and launched Redis server. I can confirm that server is running:
tcp 0 0 *:6379 *:* LISTEN 891/redis-server *
tcp 0 0 *:6379 *:* LISTEN 891/redis-server *
I have set AWS security group to be:
Custom TCP | port 6379 | 0.0.0.0/0
I am able to connect to the Redis server from the same instance using redis-cli but when I try to do it from some other AWS instance I get:
Could not connect to Redis at ec2-*.compute.amazonaws.com:6379: No route to host
Seems like you are using 127.0.0.1 IP for binding instead of 0.0.0.0. Open your /etc/redis.conf and check bind option.
Turns out firewall was on, so it wasn't possible to connect from outside. So to wrap it up:
1.Set Redis to allow remote connections by setting bind 0.0.0.0 in redis.conf
2.Make sure the firewall is not preventing you to connect to your server. On AWS you can turn it off by:
sudo service iptables save
sudo service iptables stop
sudo chkconfig iptables off