By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

EC2's EIP port 443 not working

0

Hi everyone,

I have an EC2 instance with Ubuntu and an attached Elastic IP (EIP), and services running on ports 443 and 3000. The security group settings are as follows:

Port rangeProtocolSource
22TCP10.0.0.0/8
3000TCP10.0.0.0/8
443TCP0.0.0.0/0

The problem is that when I use telnet to test the ports, for example:

$ telnet internal IP:22 or $ telnet to the internal IP:3000, it works fine.

However, when I try to $ telnet EIP:443, it fails and returns a connection refused error.

When I try $ telnet internal IP:443, it works fine.

But the security group is configured with 0.0.0.0/0. Why can't I telnet to the EIP on port 443?

BTW, the ufw is inactive, and don't have iptables, Network ACL as follow:

Rule numberTypeProtocolPort rangeSourceAllow/Deny
100All trafficALLALL0.0.0.0/0Allow
*All trafficALLALL0.0.0.0/0Deny
Topics
Compute
Tags
Amazon EC2
Language
English
Duke
asked 14 days ago93 views
2 Answers
1
Accepted Answer

Is there an Internet Gateway attached to the VPC or is it over a NAT Gateway? Can you access Internet from the instance? Here is a detail troubleshooting list.

profile pictureAWS
EXPERT
AWS-User-alantam
answered 14 days ago
profile picture
EXPERT
Oleksii Bebych
reviewed 13 days ago
profile picture
EXPERT
Adeleke Adebowale J
reviewed 14 days ago
  • iBehr EXPERT
    13 days ago

    Not only is there an IGW on the VPC but is it in the Route Table for the subnet containing the instance as the default route.

    Also recommend checking VPC flowlogs for REJECT messages to help troubleshoot.

  • Duke
    13 days ago

    Hi AWS-User-alantam, Thank you for your reply.

  • Duke
    13 days ago

    It's route table not associate with IGW.

1

Two things come to mind here, firstly do you have the security group associated with the new network interface that has the elastic IP atttached? https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html#MultipleIPReqs

  • You associate security groups with network interfaces, not individual IP addresses. Therefore, each IP address you specify in a network interface is subject to the security group of its network interface.

Second thing is around the software that is listening on port 443, is it set to listen on the IP address associated with the NIC to which the elastic IP is attached? Taking Apache as an example https://httpd.apache.org/docs/2.4/bind.html

profile picture
EXPERT
Steve_M
answered 13 days ago
profile picture
EXPERT
Oleksii Bebych
reviewed 13 days ago
  • Duke
    13 days ago

    Hi Steve_M, Thank you for your reply.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content