Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Unable to connect to port despite changing setting in security group and firewall

0

Hi, I am trying to change the SSH port from 22 to 2222 to experiment with SSH protection. I have managed to change ssh.service in the server to listening to port 2222. I have also added port 2222 as customer tcp in inbound rule of the security group. I have used "sudo ufw allow 2222/tcp" which I think should change the firewall setting. However, I am still unable to make ssh connection to port 2222. When I scan with nmap, it shows that 2222 status is "filtered". I wonder what I can do to fix this. Thank you!

Topics
ComputeNetworking & Content DeliverySecurity, Identity, & Compliance
Tags
Amazon EC2AWS Firewall ManagerSecurity Group
Language
English
asked a year ago171 views
1 Answer
0

Steps to Resolve the Issue Verify SSH Daemon Configuration

Confirm that the SSH service is configured to listen on port 2222:

sudo grep -i "Port" /etc/ssh/sshd_config

Ensure that Port 2222 is explicitly specified in /etc/ssh/sshd_config and not commented out. Restart the SSH service to apply changes:

sudo systemctl restart sshd Ensure Firewall Configuration

Check your current firewall status:

sudo ufw status

Verify that 2222/tcp is listed as allowed. If it is not:

sudo ufw allow 2222/tcp
sudo ufw reload

Verify Security Group Rules (For Cloud Instances)

Double-check the security group attached to your instance: Ensure an inbound rule exists for port 2222 for the required IP range (e.g., 0.0.0.0/0 or specific trusted IPs). Check for Conflicting Rules

Some environments might have other firewalls (e.g., iptables) in addition to ufw:

sudo iptables -L -n

Ensure there are no rules explicitly blocking port 2222. Verify Service Listening on Port

Ensure the SSH service is actively listening on port 2222:

sudo netstat -tuln | grep 2222

Expected output should show a line like:

tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN Check Nmap Results

If nmap shows port 2222 as filtered, it indicates that the packets are being dropped by a firewall or network-level filter. Possible causes: Security Group Issue: Double-check that the correct security group is applied to your instance. Network Firewall: Some organizations or ISPs may block non-standard ports. Verify with your network administrator or ISP. Test the Connection Locally

If remote connections to 2222 fail, test SSH locally on the server itself:

ssh -p 2222 localhost

This test bypasses external networking and helps confirm if the issue is server-side or network-related. Restart the Server (Optional)

Sometimes, restarting the server ensures all changes (e.g., SSH daemon, firewall) are applied:

sudo reboot

Additional Debugging Tools Use SSH Verbose Mode

Run SSH with verbose mode to get detailed error messages:

ssh -vvv -p 2222 username@hostname

Inspect Logs

Check the SSH server logs for any errors:

sudo journalctl -u sshd

Look for any errors or misconfigurations related to port 2222.

You should also check this too

Security Group Not Updated: Forgetting to save or apply security group changes. Firewall and Security Group Conflict: Both must explicitly allow port 2222. Incorrect IP Range in Rules: Ensure that the IP range allows your client’s public IP. By following these steps, you should be able to resolve the issue with connecting to port 2222.

EXPERT
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content