Strange Security Groups issue

Question

snapshot of events:
- Upgraded an existing instance from tiny to medium and added 400 GB. 
- Created a new security group and attached it to the instance. An inbound rule in the security group has the following: 
IP Version: IPv4
Type: Custom TCP
Protocol: TCP
Port Range: 5000
Source: 172.x.y.z (this is the internal ip address of another instance in the same VPC--masked for this thread)
- Ran a flask web server on the above instance that listens on port 5000.

I'm able to telnet to port 5000 on the same instance. However I get "Connection Refused" when I telnet to it from another instance in the same VPC. Even though the security group rule permits it. I even created a rule that allowed All TCP on All Ports from any instance in the same VPC and it failed. I've never had this problem before. I've setup several security group rules and they worked just fine. Any idea what I am doing wrong this time?

Accepted Answer

Even if your security group allows traffic, the instance itself might have a local firewall blocking it. Make sure the instance's firewall (iptables on Linux, Windows Firewall) has a rule allowing traffic on port 5000.

Check your Flask application to listen on 0.0.0.0 to accept connections on all interfaces.

```
if __name__ == "__main__":
    app.run(host='0.0.0.0', port=5000)

```

Answer

Which OS is this, and is there a host-based firewall?

This might be  `ufw` on Ubuntu, or `firewalld` on RHEL/CentOS/Fedora. Check port 5000 is open in its config.

Strange Security Groups issue

Relevant content