Hi again,
While the initial network configuration appears correct, a potential issue could be a port mismatch between your Python web server and the Security Group rule.
Python webserver runs on port 8000 by default. However, the Security Group rule we reviewed is currently configured to allow traffic on port 80, which is the standard port for HTTP.
To confirm if this is the case, we can quickly check which port your web server is running:-
netstat -tuln | grep 80 netstat -tuln | grep 8000
If a port mismatch is the issue, we have a couple of options to resolve it:
Run the Python web server on port 80: This will align with the existing Security Group rule. You can typically do this using the command:
sudo python3 -m http.server 80
OR
Update the Security Group to allow traffic on port 8000: if you wish to keep the web server on 8000.
Best,
Answer does not help. Running the world's simplest web server (python3 -m http.server) without any prior web server related configuration on a brand new EC2 instance, so there should not be any overhead from previous web servers.
Also performed the following with respect to default firewalld which Amazon sneaks on to the instances and still no joy:
$ sudo ufw status
sudo: ufw: command not found
[ec2-user@ip-123-12-12-12 ~]$ sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
     Active: active (running) since Tue 2025-04-22 19:19:07 UTC; 1h 36min ago
       Docs: man:firewalld(1)
   Main PID: 1959 (firewalld)
      Tasks: 2 (limit: 1111)
     Memory: 1.3M
        CPU: 870ms
     CGroup: /system.slice/firewalld.service
             └─1959 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

Apr 22 19:19:11 ip-123-12-12-12.us-east-2.compute.internal firewalld[1959]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t na>
Apr 22 19:19:11 ip-123-12-12-12.us-east-2.compute.internal firewalld[1959]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t na>
Apr 22 19:19:11 ip-123-12-12-12.us-east-2.compute.internal firewalld[1959]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t fi>
[ec2-user@ip-123-12-12-12 ~]$ ps aux | grep iptables
ec2-user    6725  0.0  0.2 222316  1972 pts/0    S+   20:57   0:00 grep --color=auto iptables
[ec2-user@ip-123-12-12-12 ~]$ sudo systemctl stop firewalld
[ec2-user@ip-123-12-12-12 ~]$ sudo systemctl disable firewalld
Wise move to disable firewalld until you get to the bottom of this and straighten it out.
If you choose to re-enable firewalld later, make sure that the webserver port (whether that's 80 or 8000 or whatever) is opened: https://firewalld.org/documentation/howto/open-a-port-or-service.html
Thanks Steve_M. FYI for others, firewalld can be restarted and port opened with:
sudo systemctl start firewalld
sudo firewall-cmd --permanent --zone=public --add-port=80/tcp  # substitute port number; include --permanent if intended to survive restart
sudo firewall-cmd --reload
NOTE: sudo necessary for port 80, but not necessarily other ports
hi,
From the image you provided, it looks perfectly configured, but I do not understand what you meant by "even though 0.0.0.0/32 set for request and replies."
This means no one (a single IP of 0.0.0.0), so if it is in the SG or NACL, it blocks everyone.
Is it just a typo?
OR
also check the instance details to see if it has an associated public IP that matches your EIP.
aws ec2 describe-instances --filters "Name=ip-address,Values=<your_eip>"
Associate an Elastic IP address to an instance:- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-eipassociation.html
Best,
Thank you for your response. I'm ~99% sure everything is configured the way it should be. Do these screenshots-- which take minutes to create due to need to mask details-- confirm your understanding of what I meant?
[Living in prehistoric times with this method of support. I paid for support, but the AWS support website does not recognize and won't allow ticket creation.]
Thanks for your help.
Unless using an EIP, the public IP address will change each time you stop and start the EC2.
Ensure you are using the correct IP
This hasn't come out very well:
It should be two separate commands on two separate lines:
Also, given that 80 is a substring of 8000 (so grepping for 80 will capture either), for clarity it might be best to grep for the port as a word:
Of course! I should have noticed the port discrepancy. Thank you Malini for catching the fact I was passing port 8000 to http.server, but attempting to access default port 80!
The other note I would add for people having similar problems is that the instance may need to be restarted after assigning Elastic IP and/or changing network security rules.
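The port check discussed in this thread, as an added example that is not code from any poster here: a shell helper that parses `netstat -tuln` output and matches the port exactly, so a listener on 8000 is not mistaken for one on 80, and that also flags a listener bound only to loopback. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tuln` output (not taken from the thread).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
EOF
}

# listeners_on PORT: read netstat text on stdin and print the bind address of
# every TCP listener whose port is exactly PORT (the field after the last ':').
listeners_on() {
  awk -v want="$1" '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      n = split($4, part, ":")
      if (part[n] == want)
        print substr($4, 1, length($4) - length(part[n]) - 1)
    }'
}

# port_status PORT: classify the port from netstat text on stdin.
port_status() {
  addrs=$(listeners_on "$1")
  [ -z "$addrs" ] && { echo "not-listening"; return; }
  # A listener bound only to loopback cannot be reached from outside the
  # instance, whatever the Security Group allows.
  if echo "$addrs" | grep -Evq '^(127\.|::1$)'; then
    echo "reachable-bind"
  else
    echo "loopback-only"
  fi
}

# A plain substring grep for 80 also hits the 8000 line.
printf 'substring grep for 80 matched %s line(s)\n' "$(sample_netstat | grep -c 80)"
for p in 80 8000 631; do
  printf 'port %s: %s\n' "$p" "$(sample_netstat | port_status "$p")"
done
# On a live host: netstat -tuln | port_status 8000
```

A "reachable-bind" result only covers the instance side; the Security Group and any host firewall still have to allow the same port.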