EC2's EIP port 443 not working

0

Hi everyone,

I have an EC2 instance with Ubuntu and an attached Elastic IP (EIP), and services running on ports 443 and 3000. The security group settings are as follows:

| Port range | Protocol | Source     |
|------------|----------|------------|
| 22         | TCP      | 10.0.0.0/8 |
| 3000       | TCP      | 10.0.0.0/8 |
| 443        | TCP      | 0.0.0.0/0  |

The problem is that when I use telnet to test the ports, for example:

$ telnet internal IP:22 or $ telnet to the internal IP:3000, it works fine.

However, when I try to $ telnet EIP:443, it fails and returns a connection refused error.

When I try $ telnet internal IP:443, it works fine.

But the security group is configured with 0.0.0.0/0. Why can't I telnet to the EIP on port 443?

BTW, ufw is inactive, and I don't have iptables. The network ACL is as follows:

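| Rule number | Type        | Protocol | Port range | Source    | Allow/Deny |
|-------------|-------------|----------|------------|-----------|------------|
| 100         | All traffic | ALL      | ALL        | 0.0.0.0/0 | Allow      |
| *           | All traffic | ALL      | ALL        | 0.0.0.0/0 | Deny       |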
Duke
asked a month ago, 104 views
2 Answers
1
Accepted Answer

Is there an Internet Gateway attached to the VPC or is it over a NAT Gateway? Can you access the Internet from the instance? Here is a detailed troubleshooting list.

AWS EXPERT, answered a month ago; reviewed a month ago
  • Not only is there an IGW on the VPC but is it in the Route Table for the subnet containing the instance as the default route.

    Also recommend checking VPC Flow Logs for REJECT messages to help troubleshoot.

  • Hi AWS-User-alantam, Thank you for your reply.

  • Its route table is not associated with the IGW.

1

Two things come to mind here. Firstly, do you have the security group associated with the new network interface that has the elastic IP attached? https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html#MultipleIPReqs

  • You associate security groups with network interfaces, not individual IP addresses. Therefore, each IP address you specify in a network interface is subject to the security group of its network interface.

Second thing is around the software that is listening on port 443, is it set to listen on the IP address associated with the NIC to which the elastic IP is attached? Taking Apache as an example https://httpd.apache.org/docs/2.4/bind.html

Steve_M, EXPERT, answered a month ago; reviewed a month ago
  • Hi Steve_M, Thank you for your reply.
