I'm trying to connect to my Hansoft server on my AWS server that is running Windows Server.
I've tried opening all inbound traffic to test, but that hasn't worked. I'm able to ping the server so it's there.
Hansoft servers use default port 50256.
What else could I try?
Launch-wizard-1 security group settings below.
Inbound Security rules:
All Traffic, All protocols, All port range, Source 0.0.0.0/0
RDP, TCP Protocol, Port range 3389, Source 0.0.0.0/0
All ICMP, All protocols, Port range N/A, Source 0.0.0.0/0
Outbound Security rules:
All Traffic, All protocols, All port range, Source 0.0.0.0/0
Try the following:
Are you sure 100% the service is running?
While logged into the instance, can you 'telnet localhost 50256' and get a connection? Have you tested it locally and confirmed it works?
Disable your local firewall and anti-virus.
Have you checked the local Windows Firewall on that server? That will block you in some configurations, so you need to check that. You may need a new inbound rule there.
RESOLVED: See comments
I am trying to enable SSL from outside the GCP network and have temporarily edited the HTTPS rule to allow all networks and I have applied it to all instances in the network.
However, when I try to telnet (to a Linux VM) from my laptop on 443 it still fails (I can do it on port 22), and port-testing web pages say the port is closed. What am I missing to implement the rule correctly?
default-allow-https ingress 1000 0.0.0.0/0 allow tcp:443
default-allow-ssh ingress 65534 0.0.0.0/0 allow tcp:22
I've also got the default http, icmp, internal and rdp rules.
I have Elasticsearch and Kibana installed on an EC2 instance where I am able to access Elasticsearch using this URL http://public-ip/9200. But I am unable to access Kibana using http://public-ip/5601.
I have configured kibana.yml and added certain fields.
server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: 0.0.0.0:9200
On doing wget http://localhost:5601 I am getting below output:
--2022-06-10 11:23:37-- http://localhost:5601/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:5601... connected.
HTTP request sent, awaiting response... 200 OK
Length: 83731 (82K) [text/html]
Saving to: ‘index.html’
What am I doing wrong?
server.host set to 0.0.0.0 means it should be accessible from outside localhost, but double check that the listener is actually listening for external connections on that port using netstat -nltpu. The server is also accessible on its public IP on port 9200, so try the following:
EC2 Security Group should allow inbound TCP traffic on port 5601 from your IP address.
Network ACLs should allow inbound/outbound TCP traffic on port 5601.
OS firewall ( e.g. ufw or firewalld ) should allow traffic on that port. You can run iptables -L -nxv to check the firewall rules.
Try connecting to that port from a different EC2 instance in the same VPC. It is possible that whatever internet connection you are using has a firewall blocking connections on that port. This is common with corporate firewalls.
If these fail, next you want to check if the packets are reaching your EC2 instance so you can run a packet capture on that port using tcpdump -ni any port 5601 and check if you have any packets coming in/out on that port.
If you don't see any packets in tcpdump, use VPC Flow Logs to see if packets are coming in/out on that port.
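To make the listener check above concrete, here is an added example (not part of the original answer) that parses netstat -nltpu output and reports whether a port is bound to loopback only, to all interfaces, or not at all, and says which layer to look at next. The netstat listing inside it is constructed, not captured from the poster's instance; it is shaped like the situation in the question (Kibana on 127.0.0.1, Elasticsearch on 0.0.0.0). The same check applies to any service started on 127.0.0.1, such as a Flask development server.

```python
"""Decide from `netstat -nltpu` output whether a port is reachable from outside.
Added example, not from the original answers; SAMPLE_NETSTAT is constructed."""
from dataclasses import dataclass

# Constructed sample output of `netstat -nltpu` (Linux net-tools format).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN      1234/node
tcp        0      0 0.0.0.0:9200            0.0.0.0:*               LISTEN      1100/java
tcp6       0      0 :::22                   :::*                    LISTEN      800/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           600/dhclient
"""

WILDCARDS = {"0.0.0.0", "::", "*"}  # "listen on every interface" spellings


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    program: str


def parse_listeners(netstat_output: str):
    """Pull (proto, local address, port, program) out of each socket line."""
    found = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].startswith(("tcp", "udp")):
            continue  # header lines
        addr, _, port = parts[3].rpartition(":")  # handles '0.0.0.0:5601' and ':::22'
        if not port.isdigit():
            continue
        program = parts[-1] if "/" in parts[-1] else "-"  # '-' when run without root
        found.append(Listener(parts[0], addr, int(port), program))
    return found


def listener_scope(listeners, port: int, proto: str = "tcp") -> str:
    """'external' if something listens on the port for non-loopback clients,
    'loopback' if only 127.0.0.1/::1, 'none' if nothing listens at all.
    A specific interface address (e.g. the instance's private IP) counts as
    external, because EC2 maps the public IP onto the private one."""
    scopes = set()
    for l in listeners:
        if l.port != port or not l.proto.startswith(proto):
            continue
        loopback = l.addr.startswith("127.") or l.addr == "::1"
        scopes.add("loopback" if (loopback and l.addr not in WILDCARDS) else "external")
    if "external" in scopes:
        return "external"
    return "loopback" if scopes else "none"


def diagnose(netstat_output: str, port: int, proto: str = "tcp") -> str:
    """One-line verdict telling you which layer to look at next."""
    scope = listener_scope(parse_listeners(netstat_output), port, proto)
    if scope == "none":
        return f"nothing listens on {proto}/{port}: the service is down or on another port"
    if scope == "loopback":
        return f"{proto}/{port} is bound to loopback only: fix server.host / the bind address, not the security group"
    return f"{proto}/{port} accepts external connections: check security group, NACL and OS firewall next"


if __name__ == "__main__":
    for p in (5601, 9200, 22, 5602):
        print(diagnose(SAMPLE_NETSTAT, p))
```

Run it on real output with `netstat -nltpu | python3 thisfile.py` after swapping SAMPLE_NETSTAT for `sys.stdin.read()`; `ss -nltp` prints a different column layout, so it would need its own parser.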
Considering the Kibana port (5601) is open via security groups, I was able to resolve the issue by updating the config from server.host: localhost to server.host: 0.0.0.0
and elasticsearch.hosts: ["http://localhost:9200"] (in my case Kibana and ES are both running on the same machine) in kibana.yml.
https://discuss.elastic.co/t/kibana-url-gives-connection-refused-from-outside-machine/122067/8
Scenario:
There are two servers running on different VPCs. Both servers are publicly available.
Server-one (e.g. Public IP: 13.126.233.125) is hosting one file on port 8000, and port 8000 inbound is open on every firewall installed on the server and in the security group.
Server-two wants to get that file with the "wget" command. Port 80 outbound on Server-two is open. I tried "wget http://13.126.233.125:8000/file.txt" and it shows connection refused. I had to open port 8000 in the outbound rules of Server-two to make this work.
As per my logic, this should have worked without adding 8000 to the outbound list. Server-one is hosting on 8000; it's not compulsory for Server-two to start the connection from port 8000. Server-two can use any ephemeral port, or port 80 as this is an HTTP connection.
Please explain why it's required to open outbound port 8000 on Server-two.
HTTP is a protocol that sits on top of TCP. Using port 80 is a convention and not a requirement. You can run HTTP (and HTTPS) on any port you want that is available. The way that TCP works is that a process will open a TCP port (say 8000) and then "listen" on that port for connection attempts from other systems (local or remote). If you try to connect using port 80 on a system listening on port 8000, you will either connect to the wrong service or get connection refused. Only after the connection is accepted do ephemeral ports come into action.
If server A is running a service listening on port 8000, then server B needs to connect to server A using port 8000. This means that server B needs port 8000 open outbound in order to connect to port 8000.
In normal usage, you set (restrict) the inbound ports in a security group and allow ALL outbound ports. Only restrict outbound ports if you understand how TCP works and know exactly what you are doing and why. Otherwise leave all outbound ports open.
There are a few reasons to control outbound ports. For example, to prevent an instance from performing updates, to prevent an instance from communicating if it was breached, etc. If you are controlling this level of communications, then you also need to understand how NACLs work and how to use each one.
AWS has some pretty good documentation that explains how security groups and NACLs work and how to use them.
Outbound firewalls are used to limit the connections to external services from within the network. That is why by default all outbound connections are enabled and inbound connections are disabled.
In this case, setting an outbound firewall on server 2 prohibits server 2 from making connections to port 8000 (and all others, except 80) of server 1. It is regardless of the port from which the connection is initiated.
Since I don't need to reserve an IP address with Elastic IP (I'm testing for now), I'm just using the Public IP randomly assigned at every startup.
After setting up a game server via SSH and opening the related ports on the Security Group, said server is not reachable.
Testing further I've noticed that the instance is not even answering ping request (yes, I've added relative rules in the Security Group).
So the instance is working only on port 22, can anyone explain why?
Here are the Security Group rules:
Ports Protocol Source
0--1 icmp 0.0.0.0/0, ::/0
22 tcp 0.0.0.0/0, ::/0
7787-7788 udp 0.0.0.0/0, ::/0
27166 tcp 0.0.0.0/0, ::/0
27165-27166 udp 0.0.0.0/0, ::/0
EDIT2 adding ACL inbound rules:
Rule # Type Protocol Port Range Source Allow / Deny
100 ALL Traffic ALL ALL 0.0.0.0/0 ALLOW
If you are able to SSH to the instance, then the problem is not related to the network configuration.
The NACL configuration you show permits all traffic.
That leaves the instance as the guilty party, so you should concentrate your efforts on-instance rather than elsewhere.
So I found what was wrong: the ICMP rule I was setting inbound was for ICMP echo reply; I had to use ICMP echo request. It took me 8 hours to realize it. No need to configure iptables, ACLs or anything else.
I'm sorry for the useless thread!
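The points made in the two threads above (security groups are stateful and allow-only, NACLs are stateless and ordered, and an ICMP rule for type 0 does not match a ping's type 8 echo request) can be checked against a small offline model. The following is an added example written for this page, not AWS code and not from any of the posters: the Rule/Packet types, the rule sets, and the addresses (13.126.233.125 from the wget scenario, 203.0.113.5 as an RFC 5737 documentation address) are constructed for illustration, and the matcher covers only CIDR, protocol, port range and ICMP type/code, which is all these questions turn on.

```python
"""Offline model of AWS security-group and network-ACL rule matching.
Added example; not AWS code. Rule sets and addresses below are constructed."""
import ipaddress
from dataclasses import dataclass

ANY = -1  # AWS uses -1 for "all ports", "all ICMP types" and "all ICMP codes"


@dataclass(frozen=True)
class Rule:
    proto: str        # "tcp", "udp", "icmp" or "-1" (all protocols)
    from_port: int    # tcp/udp: low port; icmp: type
    to_port: int      # tcp/udp: high port; icmp: code
    cidr: str
    action: str = "allow"  # NACL rules may also be "deny"; SG rules are allow-only
    number: int = 0        # NACL rule number (evaluation order); unused for SGs


@dataclass(frozen=True)
class Packet:
    proto: str
    peer: str            # remote address: source when inbound, destination when outbound
    port: int = 0        # tcp/udp destination port
    icmp_type: int = ANY
    icmp_code: int = ANY


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Does one SG/NACL rule match this packet? CIDR, then protocol, then port or ICMP type/code."""
    if ipaddress.ip_address(pkt.peer) not in ipaddress.ip_network(rule.cidr):
        return False  # also rejects an IPv4 peer against a ::/0 rule and vice versa
    if rule.proto == "-1":
        return True
    if rule.proto != pkt.proto:
        return False
    if pkt.proto == "icmp":
        # "0--1 icmp" in the console is type 0 (echo reply), any code.
        return rule.from_port in (ANY, pkt.icmp_type) and rule.to_port in (ANY, pkt.icmp_code)
    lo, hi = (0, 65535) if rule.from_port == ANY else (rule.from_port, rule.to_port)
    return lo <= pkt.port <= hi


def sg_allows(rules, pkt: Packet) -> bool:
    """Security groups are stateful and allow-only: the rule set for the direction in
    which the connection is INITIATED must match; the reply direction is implicit."""
    return any(rule_matches(r, pkt) for r in rules)


def nacl_allows(rules, pkt: Packet) -> bool:
    """NACLs are stateless and ordered: the lowest-numbered matching rule wins,
    and the implicit '*' rule at the end denies everything else."""
    for r in sorted(rules, key=lambda r: r.number):
        if rule_matches(r, pkt):
            return r.action == "allow"
    return False


def tcp_connect_through_nacl(inbound, outbound, client_ip: str, server_port: int, client_port: int) -> bool:
    """A TCP handshake through a stateless NACL needs BOTH the SYN in (to server_port)
    and the SYN-ACK out (to the client's ephemeral client_port) to be allowed."""
    syn_in = Packet("tcp", client_ip, port=server_port)
    synack_out = Packet("tcp", client_ip, port=client_port)
    return nacl_allows(inbound, syn_in) and nacl_allows(outbound, synack_out)


# --- constructed scenarios (illustrative addresses and rule sets) -------------
SERVER_ONE = "13.126.233.125"   # the address used in the wget question
CLIENT = "203.0.113.5"          # RFC 5737 documentation address

# Server-two's outbound SG: only port 80 allowed, as in the question, then with 8000 added.
OUT_80_ONLY = [Rule("tcp", 80, 80, "0.0.0.0/0")]
OUT_80_AND_8000 = OUT_80_ONLY + [Rule("tcp", 8000, 8000, "0.0.0.0/0")]

# Inbound ICMP: what the game-server poster first had (echo reply) vs. what works (echo request).
ICMP_ECHO_REPLY_ONLY = [Rule("icmp", 0, ANY, "0.0.0.0/0")]
ICMP_ECHO_REQUEST = [Rule("icmp", 8, ANY, "0.0.0.0/0")]

# Server-side NACL: inbound 8000 allowed; outbound with and without the ephemeral range,
# and a variant with a lower-numbered deny for one client placed ahead of the allow.
NACL_IN = [Rule("tcp", 8000, 8000, "0.0.0.0/0", number=100)]
NACL_IN_BLOCK_CLIENT = [Rule("tcp", 8000, 8000, CLIENT + "/32", action="deny", number=90)] + NACL_IN
NACL_OUT_NO_EPHEMERAL = [Rule("tcp", 80, 80, "0.0.0.0/0", number=100)]
NACL_OUT_WITH_EPHEMERAL = NACL_OUT_NO_EPHEMERAL + [Rule("tcp", 1024, 65535, "0.0.0.0/0", number=110)]


def wget_from_server_two(outbound_sg) -> bool:
    """Can server-two open http://SERVER_ONE:8000/ given its outbound SG?"""
    return sg_allows(outbound_sg, Packet("tcp", SERVER_ONE, port=8000))


def ping_reaches_instance(inbound_sg) -> bool:
    """An incoming ping is an ICMP echo REQUEST (type 8, code 0), not a reply."""
    return sg_allows(inbound_sg, Packet("icmp", CLIENT, icmp_type=8, icmp_code=0))


if __name__ == "__main__":
    print("wget, outbound 80 only:     ", wget_from_server_two(OUT_80_ONLY))
    print("wget, outbound 80 + 8000:   ", wget_from_server_two(OUT_80_AND_8000))
    print("ping, echo-reply rule:      ", ping_reaches_instance(ICMP_ECHO_REPLY_ONLY))
    print("ping, echo-request rule:    ", ping_reaches_instance(ICMP_ECHO_REQUEST))
    print("NACL, no ephemeral out:     ", tcp_connect_through_nacl(NACL_IN, NACL_OUT_NO_EPHEMERAL, CLIENT, 8000, 51514))
    print("NACL, ephemeral out allowed:", tcp_connect_through_nacl(NACL_IN, NACL_OUT_WITH_EPHEMERAL, CLIENT, 8000, 51514))
```

The outbound-rule case is what the wget question asks about: the packet the SG evaluates is the one to the destination port 8000, so the client's ephemeral source port never enters into it. The NACL case is the mirror image, and is why the answer above warns that restricting outbound rules requires understanding NACLs too: without the ephemeral range allowed outbound, the SYN gets in but the SYN-ACK is dropped.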
I installed flask on my AWS EC2 machine.
Now, from a local machine, the website is supposed to load with localhost and port 5000, but it is not working similarly with http::5000
I tried to add a rule in Security groups as : All TCP, 0.0.0.0/0 -- I am not sure how to allow in-bound traffic to this box.
any help will be appreciated.
Thanks !
I had trouble with this until I tried adding an inbound custom TCP rule to the security group associated with the running instance.
Something like:
Custom TCP Rule, Protocol: TCP, Port Range: 5000, Source: 0.0.0.0/0
Custom TCP Rule, Protocol: TCP, Port Range: 5000, Source: ::/0