How to set up inbound and outbound for internet traffic using port 5000?

I'm using the t2.micro instance for Windows, and for "connect" I've selected the "https" security group as well. But I guess that would include the default web port of 80. Now I need port 5000 to support incoming and outgoing traffic. How? Thanks.

ni24
asked 3 months ago, 297 views
4 Answers
Selecting HTTPS in the security group rule will only open port 443; to open port 80 as well, another rule needs to be added for HTTP.

To allow port 5000 incoming, add a new inbound rule of type Custom TCP whose port range is 5000. And do the same for a new outbound rule.

Steve_M (EXPERT)
answered 3 months ago
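The two VPC layers mentioned in the answers behave differently, and that matters for the "outbound rule" step: a security group is stateful, so one inbound rule for TCP 5000 admits the connection and its replies, while a network ACL is stateless and evaluates inbound and outbound separately, lowest rule number first, first match wins, with an implicit deny at the end (the default NACL already allows everything; only a custom one needs editing). The following is an added example, not AWS code and not from this thread: a small model of both evaluations, with made-up rule sets, a made-up client 203.0.113.10 and an ephemeral client port. It shows that the question's "HTTPS" preset does not cover port 80, that the Custom TCP 5000 rule covers the app, and that a custom NACL with only the inbound entry from the last answer drops the server's replies until an outbound allow for the ephemeral range is added.

```python
"""Model of a stateful security group and a stateless network ACL.

Constructed example for illustration; not AWS's evaluation logic.
Addresses, rule numbers and ports below are invented.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class SgRule:
    protocol: str   # "tcp", "udp", "icmp" or "-1" for all traffic
    from_port: int
    to_port: int
    cidr: str       # source CIDR for an inbound rule


@dataclass(frozen=True)
class NaclEntry:
    number: int     # entries are evaluated in ascending order
    protocol: str
    from_port: int
    to_port: int
    cidr: str
    action: str     # "allow" or "deny"


def _matches(protocol, from_port, to_port, cidr, pkt_proto, pkt_port, pkt_addr):
    """One rule/entry against one packet (protocol, port, remote address)."""
    if protocol not in ("-1", pkt_proto):
        return False
    if protocol != "-1" and not (from_port <= pkt_port <= to_port):
        return False
    return ip_address(pkt_addr) in ip_network(cidr)


def sg_allows_inbound(rules, proto, dst_port, src_addr):
    """Stateful: a single matching inbound rule admits the connection and
    its return traffic, so no outbound rule is needed for the replies."""
    return any(_matches(r.protocol, r.from_port, r.to_port, r.cidr,
                        proto, dst_port, src_addr) for r in rules)


def nacl_decision(entries, proto, port, remote_addr):
    """Stateless: the first matching entry by rule number decides; the
    implicit '*' entry at the end denies anything not matched."""
    for e in sorted(entries, key=lambda e: e.number):
        if _matches(e.protocol, e.from_port, e.to_port, e.cidr, proto, port, remote_addr):
            return e.action == "allow"
    return False


def client_can_reach(sg_in, nacl_in, nacl_out, client_addr, client_port, server_port):
    """SYN from client to server_port, then the server's reply back to the
    client's ephemeral client_port. Returns (forward_ok, reply_ok)."""
    forward = (sg_allows_inbound(sg_in, "tcp", server_port, client_addr)
               and nacl_decision(nacl_in, "tcp", server_port, client_addr))
    # The security group tracks the flow; only the NACL must explicitly
    # allow the reply towards the client's ephemeral port.
    reply = nacl_decision(nacl_out, "tcp", client_port, client_addr)
    return forward, reply


# Constructed security group: the "HTTPS" preset, RDP, and the Custom TCP 5000 rule.
SG_INBOUND = [
    SgRule("tcp", 443, 443, "0.0.0.0/0"),
    SgRule("tcp", 3389, 3389, "0.0.0.0/0"),   # would normally be restricted to an admin CIDR
    SgRule("tcp", 5000, 5000, "0.0.0.0/0"),
]

# Constructed custom NACL that only received the inbound entry for port 5000.
NACL_IN = [NaclEntry(100, "tcp", 5000, 5000, "0.0.0.0/0", "allow")]
NACL_OUT_MISSING = []   # replies to the client's ephemeral port hit the implicit deny
NACL_OUT_FIXED = [NaclEntry(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]


if __name__ == "__main__":
    print("SG admits port 80?   ", sg_allows_inbound(SG_INBOUND, "tcp", 80, "203.0.113.10"))
    print("SG admits port 5000? ", sg_allows_inbound(SG_INBOUND, "tcp", 5000, "203.0.113.10"))
    print("NACL without outbound:", client_can_reach(SG_INBOUND, NACL_IN, NACL_OUT_MISSING,
                                                      "203.0.113.10", 51234, 5000))
    print("NACL with outbound:   ", client_can_reach(SG_INBOUND, NACL_IN, NACL_OUT_FIXED,
                                                      "203.0.113.10", 51234, 5000))
```

The practical reading: if RDP on 3389 and the browser on 80 already work through the same security group and subnet, both layers are passing traffic for those ports, and a rule for 5000 written the same way will pass it too; the remaining suspects are on the instance itself.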
Have you checked the NACL on the subnet where the web server resides?

AWS EXPERT
answered 3 months ago
Hi, thanks. I added 2 rules (1 for inbound and the other for outbound) as suggested; however, it is still not accessible. I tried both the public IPv4 address and the FQDN. Pinging the IP was to no avail either.

I've captured the security settings for both inbound and outbound and crossed out part of the instance name (for security); too bad I'm unable to post the screenshot for you to see.

"Is Windows Firewall running, and is port 5000 opened on that?" Excellent point, I'll investigate that. Web server not accessible from outside.

UPDATE: after opening port 80 and port 5000 via Windows Firewall by adding 2 new rules, the web server on port 80 is now accessible from outside over HTTP for both the FQDN and its public IP address, but port 5000 is not accessible.

Many thanks.

UPDATE 2/1/2024 8:13AM: "Can the webserver be reached from inside the Windows instance on port 5000, e.g. something like http://localhost:5000" Yes.

Update 2/2/2024 11:50AM EST: "Check you're using HTTP and not HTTPS when connecting to port 5000." Yes, using HTTP.

"You could try tracert to see if it offers up anything https://support.microsoft.com/en-gb/topic/how-to-use-tracert-to-troubleshoot-tcp-ip-problems-in-windows-e643d72b-2f4f-cdd6-09a0-fd2989c7ca8e" I even went a step further, using tcptraceroute {fqdn} 5000 on a website that offers this tool. But when I tried to access http://{instance}:5000 from multiple devices, all of them hung, unable to reach it. It seems some sort of network permission for 5000 has not been granted yet, and some other network-security-related stuff is going on.

Appreciated.

RESOLVED: I was running Flask with its default host (which points to 127.0.0.1), which I didn't realize. Once I added a proper host address, it's accessible now. Many thanks.

ni24
answered 3 months ago
  • You won't be able to ping unless you allow an inbound rule for ICMP https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-ping

    And you can post screenshots in a question and a reply (but not a comment), if you go back and edit your reply starting Hi thanks and the fourth icon from the right allows you to add an image.

    Just to confirm, you're already able to RDP into the EC2 instance (I suppose you must be, to have installed the webserver software and then set it up to listen on the non-standard port 5000)? Is Windows Firewall running, and is port 5000 opened on that?

  • after opening port 80 and port 5000 via windows firewall by adding 2 new rules. The web server at port 80 is now accessible from outside with HTTP for both fqdn or its public IP address but port 5000 is not accessible

    Can the webserver be reached from inside the Windows instance on port 5000, e.g. something like http://localhost:5000

  • "Can the webserver be reached from inside the Windows instance on port 5000, e.g. something like http://localhost:5000", Yes.

    Okay, so there's something blocking port 5000 between the local device you're on (with the browser pointing to http://[ec2_public_ip]:5000/) and the EC2 instance. Working backwards from the EC2, you've opened the port in Windows Firewall and in the security group that's associated with the EC2. Beyond this you're pretty much at the perimeter of the VPC.

    Is there anything that could be blocking outbound port 5000 from your local device, or any networking gear in the way that could be doing so?

    Check you're using HTTP and not HTTPS when connecting to port 5000.

    You could try tracert to see if it offers up anything https://support.microsoft.com/en-gb/topic/how-to-use-tracert-to-troubleshoot-tcp-ip-problems-in-windows-e643d72b-2f4f-cdd6-09a0-fd2989c7ca8e

  • Update: 2/2/2024

    Your security groups are fine, you can get onto the host on port 3389 to use RDP, and you've said previously a browser can connect on port 80. Port 5000 is open just the same in the same security group, so that's not the problem.

    The app is listening on port 5000 as you can connect on localhost, but something is blocking it from outside. Double check Windows Firewall again, and also is there any kind of allow-list or deny-list as part of the webserver or application config?
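The resolution above is the classic case where every network layer is open and the app is still unreachable: Flask's development server binds to 127.0.0.1 by default, which is why http://localhost:5000 answers on the instance while the public address does not. The quickest on-instance check is `netstat -ano` (Windows) and looking at the Local Address of the listener on port 5000. The following is an added example, not code from the thread: a parser for that output with a constructed `netstat -ano` listing (the PIDs and the 10.0.1.25/203.0.113.10 addresses are invented) that tells a loopback-only listener apart from one reachable on all interfaces, and points to the Flask fix (`app.run(host="0.0.0.0", port=5000)`) before anyone touches another firewall rule.

```python
"""Tell a loopback-only listener apart from one bound to all interfaces.

Added example; the netstat text is constructed to look like Windows
`netstat -ano` output, with invented PIDs and addresses.
"""
import re
from ipaddress import ip_address

# Constructed sample: the state the thread was stuck in. Port 80 and RDP are
# bound to 0.0.0.0, but the Flask app on 5000 only listens on loopback.
NETSTAT_LOOPBACK_ONLY = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING       6432
  TCP    10.0.1.25:3389         203.0.113.10:54011     ESTABLISHED     1120
"""

# Constructed sample after app.run(host="0.0.0.0", port=5000).
NETSTAT_FIXED = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       6432
"""

# Proto, Local, Foreign, optional State (UDP lines have none), optional PID.
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(\S+)?\s*(\d+)?\s*$")


def split_host_port(addr):
    """'127.0.0.1:5000' -> ('127.0.0.1', 5000); '[::]:5000' -> ('::', 5000)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def listeners_on(netstat_text, port):
    """Local addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(1) != "TCP" or m.group(4) != "LISTENING":
            continue
        host, lport = split_host_port(m.group(2))
        if lport == port:
            found.append(host)
    return found


def reachable_from_outside(bound_hosts):
    """True if at least one listener is on a non-loopback address."""
    for h in bound_hosts:
        if h in ("0.0.0.0", "::"):        # wildcard binds: all interfaces
            return True
        if not ip_address(h).is_loopback:
            return True
    return False


def diagnose(netstat_text, port=5000):
    """One-line verdict on where to look next for the given port."""
    hosts = listeners_on(netstat_text, port)
    if not hosts:
        return "no listener on port %d: the app is not running or uses another port" % port
    if not reachable_from_outside(hosts):
        return ("listening only on %s: bind to 0.0.0.0 "
                "(Flask: app.run(host='0.0.0.0', port=%d)) before looking at firewalls"
                % (", ".join(hosts), port))
    return "listening on %s: check Windows Firewall, security group and NACL next" % ", ".join(hosts)


if __name__ == "__main__":
    print(diagnose(NETSTAT_LOOPBACK_ONLY))
    print(diagnose(NETSTAT_FIXED))
```

Two caveats once the bind address is fixed: binding to 0.0.0.0 exposes the Flask development server directly to whatever the security group admits, and that server is not meant to face the internet, so put it behind a proper WSGI server or reverse proxy, and narrow the port 5000 rule's source from 0.0.0.0/0 to the CIDRs that actually need it.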

For the NACL, I've just added a new rule (not using HTTP, but Custom TCP instead, because "HTTP (80)" is the only option for HTTP): Custom TCP, TCP (6), 5000, 0.0.0.0/0, Allow. However, port 5000 is still not accessible.

Thanks.

ni24
answered 3 months ago