Cannot open custom ports on ec2 instance


Hello,

I'm struggling to connect to custom ports opened on different EC2 instances. The details below refer to a g4dn.xlarge instance with Ubuntu 22.04 as the OS. The custom port that I'm trying to use is 8700.

Following this support service response https://aws.amazon.com/premiumsupport/knowledge-center/ec2-linux-resolve-ssh-connection-errors/?nc1=h_ls I checked the following elements:

  • the IP is correct, I'm able to connect on port 22 and port 8080
  • the instance has passed its health checks
  • the security group allows traffic on port 8700 (we have 3 identical rules for ports 22, 8080 and 8700; traffic works on the first two ports)
  • the network ACLs on the instance's subnet allow all incoming and outgoing traffic
  • the route table of the instance's subnet is configured properly
  • there is no firewall in the way (ufw is disabled and the iptables rules are empty)
  • the service is on and listening on port 8700 (checked with 'sudo netstat -tulpn')
  • the service works: when choosing port 8080, everything works as expected
  • TCP wrappers are not blocking any traffic
  • I do not have any rule set to the VPC network firewall

Do you have any hint on why some custom ports do not work?

Thank you for your time!

1 Answer

Hello. From what you indicate, I see that you have verified the configuration correctly. I would add the following:

  • I understand that the instance is listening on port 8700 at the operating-system level. To validate it you could run the following command: "netstat -tulpn | grep ':8700'", or you can look for it visually with the following command: "sudo lsof -i -P -n | grep LISTEN". If the service is in LISTEN state everything is fine; otherwise check the service.
  • In addition to verifying the inbound rules of your instances, validate the outbound rules from the client instance.
  • I understand that everything is configured correctly at the network level, but you could validate the communication between instances with Reachability Analyzer at the cloud level (there are other tools in the AWS Network Manager service). Docs: https://docs.aws.amazon.com/vpc/latest/reachability/getting-started.html
  • If you are trying to access a DNS name but you do not have a DNS server, you will have to specify the DNS name locally in the instance's hosts file.
  • Perform connection tests from the client instance, and test the connection to port 8700 via telnet, for example. In case of timeout problems, rule out DNS problems and check the networking again.

Greetings.

hmunoz
answered a year ago
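As an added example (not part of the question or of hmunoz's answer), the script below covers the two checks that the thread's checklist leaves implicit. First, "the service is in LISTEN" is not enough: a listener bound to 127.0.0.1 or ::1 shows up in netstat/ss output as LISTEN but is unreachable from the VPC, so the bind address next to the port has to be wildcard (0.0.0.0, [::], * or ::). Second, on the client side, a connect that times out means packets are being dropped somewhere (security group, NACL, or a host firewall DROP rule), while "connection refused" means the instance was reached and nothing accepted the connection on that address (or an iptables REJECT rule answered). The sample ss output embedded in the script is constructed for the example and assumes, hypothetically, that the 8700 service was started with a localhost-only bind address; the function names are my own.

```bash
#!/bin/sh
# Added example, not code from the original post.

# Constructed sample in the format of 'ss -tulpn' (assumption for the example:
# the service on 8700 is bound to 127.0.0.1, the services on 22/8080 to 0.0.0.0).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      4096         0.0.0.0:8080       0.0.0.0:*     users:(("python3",pid=2301,fd=5))
tcp   LISTEN 0      4096       127.0.0.1:8700       0.0.0.0:*     users:(("python3",pid=2377,fd=5))
tcp   LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=812,fd=4))'

# listener_scope PORT [SS_OUTPUT]
# Prints one of: none | loopback | wildcard | address:<ip>
# Parses 'ss -tulpn' or 'netstat -tulpn' style output: the local address is the
# field that ends in ":<port>" on a line containing LISTEN. Without a second
# argument it reads the live 'ss -tulpn' output of the host it runs on.
listener_scope() {
  port=$1
  if [ $# -ge 2 ]; then out=$2; else out=$(ss -tulpn 2>/dev/null); fi
  printf '%s\n' "$out" | awk -v port="$port" '
    /LISTEN/ {
      for (i = 1; i <= NF; i++) {
        if ($i !~ /:[0-9]+$/) continue            # peer column is "addr:*", skipped
        n = split($i, parts, ":"); p = parts[n]
        if (p != port) continue
        addr = substr($i, 1, length($i) - length(p) - 1)
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*" || addr == "::") wild = 1
        else if (addr == "127.0.0.1" || addr == "[::1]") loop = 1
        else other = addr                         # bound to one specific interface
        break
      }
    }
    END {
      if (wild) print "wildcard"
      else if (other != "") print "address:" other
      else if (loop) print "loopback"
      else print "none"
    }'
}

# probe_port HOST PORT [TIMEOUT_SECONDS]
# Client-side check. Prints: open | timeout | refused
#   timeout  -> SYN dropped (security group, NACL, host firewall DROP, wrong route)
#   refused  -> host reached, nothing listening on that address, or iptables REJECT
# Uses bash's /dev/tcp so it works where telnet and nc are not installed.
probe_port() {
  host=$1; port=$2; secs=${3:-5}
  rc=0
  err=$(timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port" 2>&1) || rc=$?
  if [ "$rc" -eq 0 ]; then echo open
  elif [ "$rc" -eq 124 ]; then echo timeout
  else echo refused
  fi
}

# Stand-alone run against the constructed sample: 22 and 8080 are reachable
# from the VPC, 8700 is loopback-only and will time out or be refused remotely.
for p in 22 8080 8700; do
  echo "port $p listener scope: $(listener_scope "$p" "$SAMPLE_SS")"
done
```

On the instance, run `listener_scope 8700` with no second argument to read the live ss output; on the client, `probe_port <private-ip> 8700 5`. A "loopback" result on the server side is fixed in the service's bind configuration, not in the security group; a "timeout" from the client with a "wildcard" listener on the server points back at the security group, NACL, or a host firewall.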
