In one of my amazon aws server installed memcahed server in port 11211.
Now i ssh to that server and run this command
telnet 127.0.0.1 11211
I get connected to and can access memcache data.
If i use private or public ip instead of 127.0.0.1
telnet <private ip> 11211
i get this
telnet: Unable to connect to remote host: Connection refused
Lets call this server master server where memcached is installed.
If i now ssh to other app server and run this command
telnet <private ip> 11211
get the same error. But the master server security group has this inbound rules.
All traffic All All sg-xxxxxx (app server)
Should we not get access to all services running in our master server from app servers?
Related
I have Elasticseasrch and Kibana installed on EC2 instance where I am able to access Elasticsearch using on this url http://public-ip/9200. But I am unable to access Kibana using http://public-ip/5601.
I have configured kibana.yml and added certain fields.
server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: 0.0.0.0:9200
On doing wget http://localhost:5601 I am getting below output:
--2022-06-10 11:23:37-- http://localhost:5601/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:5601... connected.
HTTP request sent, awaiting response... 200 OK
Length: 83731 (82K) [text/html]
Saving to: ‘index.html’
What am I doing wrong?
Server Host set to 0.0.0.0 means it should be accessible from outside localhost but double check that the listener is actually listening for external connections on that port using netstat -nltpu. The server is also accessible on it's public IP on port 9200 so try the following:
EC2 Security Group should inbound TCP traffic on that port 5601 from your IP address.
Network ACLs should allow inbound/outbound TCP traffic on port 5601.
OS firewall ( e.g. ufw or firewalld ) should allow traffic on that port. You can run iptables -L -nxv to check the firewall rules.
Try connecting to that port from a different EC2 instance in the same VPC. It is possible that what ever internet connection you are using may have a firewall blocking connections on that port. This is common with corporate firewalls.
If these fail, next you want to check if the packets are reaching your EC2 instance so you can run a packet capture on that port using tcpdump -ni any port 5601 and check if you have any packets coming in/out on that port.
if you don't see any packets on tcpdump, use VPC Flow Logs to see if packets are coming in/out that port.
Considering the kibana port (5601 ) is open via security groups
I could able to resolve the issue by updating config server.host:localhost to server.host:0.0.0.0
and elasticsearch.hosts: ["http://localhost:9200"] (in my case kibana and ES both are running on the same machine) in kibana.yml
https://discuss.elastic.co/t/kibana-url-gives-connection-refused-from-outside-machine/122067/8
I have a database on a remote Google Cloud (GCP) machine. On GCP, I edited the firewall rules to allow access from my desktop and from an AWS EC2 instance. However, the following happens:
From desktop:
netcat -zv 35.198.56.213 27017
Connection to 35.198.56.213 27017 port [tcp/*] succeeded!
From EC2:
netcat -zv 35.198.56.213 27017
netcat: connect to 35.198.56.213 port 27017 (tcp) failed: Connection timed out
I don't understand why I can connect from my desktop but not from the EC2. Both IPs are allowed (using the instance public address). The outbound rules for the EC2 instance are allowing all traffic.
Any tips?
Edit: I am trying to connect to a mongo instance that is running on port 27017. The bindIp on /etc/mongod.conf is correctly set to 0.0.0.0.
I have a dockerized application in EC2 , which is running fine
And I have a security policy like following
Here my instance's details
If I hit https://54.167.118.150/ or http://54.167.118.150/ or https://54.167.118.150:8080 or http://54.167.118.150:8080
It shows connection refused.
But when I hit the IP in browser , it was saying refused to connect .
Check your Dockerfile is port 8080 is exposed or not. The port 8080 should be exposed to the host, add below line in the bottom of Dockerfile;
EXPOSE 8080
I'm connecting to an AWS EC2 private instance (has Private DNS and IP, no Public DNS nor IP). I do it the following way:
Agent forwarding: ssh-add private-instance.pem
Connect to bastion: ssh my-project.prd
.ssh/config
connect to private instance: ssh ubuntu#private-ip-num
Connection to instance works fine, but whenever I try to install a package:
git clone https://github.com/aws/efs-utils
I get an error like the following:
fatal: unable to access 'https://github.com/aws/efs-utils/': Failed to connect to github.com port 443: Connection timed out
Did you opened the port 443 ? you will be need to connect from your private instance to a external service the port open
I'm developing an application which will use AWS's SNS service to receive notifications over HTTP.
As I am developing the application locally and have no control of our company firewall, I am attempting to tunnel HTTP connections from an external EC2 host to my local machine for the purposes of testing.
Everything looks fine when verifying the connection from the EC2 host itself, however the port is closed when examined externally.
My local application is on port 2222. I have executed the following command on my local machine to establish the proxy:
ssh -i myCredentials.pem ec2-user#myserver.com -R 2222:localhost:2222
Where myserver.com points to an EC2 instance. SSH'ing to the EC2 instance, I can successfully connect to my application via the tunnel, and nmap displays the following:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00055s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
2222/tcp open EtherNet/IP-1
However when I run nmap against the EC2 instance from my local machine, the port is closed:
Nmap scan report for xxxxxx
Host is up (0.24s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
2222/tcp closed EtherNet/IP-1
The security group assigned to the server is allowing TCP traffic on ports 2222 on 0.0.0.0/0 and iptables isn't running on the server.
What do I need to do on the EC2 end to make this port open to the outside world?
The tunnelling command is correct, however in order for SSH to bind to the wildcard address, the following setting is required in /etc/ssh/sshd_config on the remote server:
GatewayPorts yes
Once this is added, restart sshd and the tunnelling will work as desired provided no firewalls are in the way.