AWS Lightsail Firewall doesn't open a port or something else is blocking it

0

Hello,
The Lightsail Firewall is unable to open a specific port. I searched for this issue in the forums and there are several issues like this one, but none of them has a valid solution for me.
I'm setting up my first Lightsail instance with Ubuntu 20.04 LTS and already installed Odoo and PostgreSQL. In the Lightsail firewall I opened 2 additional ports for any IP address: 8069 for the Odoo application and 5432 for PostgreSQL. I can access the Odoo application but I am unable to access the PostgreSQL service. I'm trying to open the PostgreSQL port (5432) in the Networking > Firewall section (I did the same for 8069) but it seems it doesn't take any effect. I tried https://www.yougetsignal.com/tools/open-ports/ to test if the port is OPEN or CLOSED. On both the public and private IP, ports 22, 80 and 8069 are open. I’m pretty sure that there is a local firewall blocking incoming connections, in which case opening the port through the Lightsail firewall isn't sufficient. I tried connecting to the port locally from the server with “telnet 127.0.0.1 5432” and it worked, but the same command using the external IP address didn’t.
I listed the active services running and ufw is active but “sudo ufw status” says inactive, so ufw is running but not blocking anything (I hope). I don’t identify any other service as a firewall (my only suspect is apparmor but I don't know how it works).
service --status-all

  • acpid : Advanced Configuration and Power Interface (ACPI) event daemon
  • apparmor : Linux kernel security module
  • apport : Apport intercepts program crashes
  • atd : runs jobs queued
  • console-setup.sh
  • cron : scheduler
  • cryptdisks
  • cryptdisks-early
  • dbus : message bus daemon
  • grub-common : Bootloader
  • hibagent
  • hwclock.sh
  • irqbalance
  • iscsid
  • keyboard-setup.sh
  • kmod : control kernel
  • lvm2
  • lvm2-lvmpolld
  • multipath-tools : configure multiple I/O paths between server nodes and storage arrays
  • odoo : Application
  • open-iscsi
  • open-vm-tools
  • plymouth
  • plymouth-log
  • postgresql : Database
  • procps : utilities for pseudo-filesystem
  • rsync
  • rsyslog : for logging
  • screen-cleanup
  • ssh
  • sysstat : system stats
  • udev : device management
  • ufw : <<<Firewall
  • unattended-upgrades
  • uuidd
  • x11-common
asked 3 years ago, 1225 views
2 Answers
0

I just found out the problem. To make PostgreSQL available to an external IP there are two items to configure: postgresql.conf and pg_hba.conf. Some sort of script or whatever is commenting out the line with the Public IP address in the postgresql.conf. When I restart the PostgreSQL service, I can connect from my local PGAdmin4, but if I reboot the instance, "something" is commenting the line with the Public IP address. Now I have to find the guilty "something", I think I can figure it out.

answered 3 years ago
0

In addition to the two files you already mentioned, have you also taken a look at whether your settings are being overridden by config in postgresql.auto.conf? Settings in postgresql.auto.conf will override those in postgresql.conf (more docs about that config file here: https://www.postgresql.org/docs/13/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE).

A cursory Google search also turns this up, if this helps: https://dba.stackexchange.com/questions/180177/postgres-seems-to-ignore-listen-addresses-setting

AWS
answered 3 years ago
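
The two answers above come down to which listen_addresses value the server actually ends up with. The following is an added example, not code from either poster or from PostgreSQL: it resolves the effective value from the text of postgresql.conf and postgresql.auto.conf, treating a commented-out line as absent and letting postgresql.auto.conf win. The file contents and the address 203.0.113.10 are constructed samples, and include directives are assumed not to be in use.

```python
import re

# Constructed sample contents (not taken from the page).
POSTGRESQL_CONF = """\
# - Connection Settings -
#listen_addresses = 'localhost,203.0.113.10'   # commented out, so ignored
port = 5432
"""
AUTO_CONF = """\
# Do not edit this file manually!
listen_addresses = 'localhost'
"""

# name [=] value, where value is a single-quoted string or a bare token.
SETTING = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=?\s*('(?:[^']|'')*'|[^\s#]+)")

def parse_conf(text):
    """Return {name: value} for active (uncommented) lines; the last one wins."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)          # lines starting with '#' never match
        if m:
            value = m.group(2)
            if value.startswith("'"):
                value = value[1:-1].replace("''", "'")
            settings[m.group(1).lower()] = value
    return settings

def effective_listen_addresses(main_text, auto_text=""):
    """Resolve listen_addresses; postgresql.auto.conf is read last and overrides."""
    value, source = "localhost", "built-in default"
    for name, text in (("postgresql.conf", main_text),
                       ("postgresql.auto.conf", auto_text)):
        parsed = parse_conf(text)
        if "listen_addresses" in parsed:
            value, source = parsed["listen_addresses"], name
    return value, source

def reachable_externally(value):
    """True if the server would bind anything other than loopback."""
    addrs = [a.strip() for a in value.split(",") if a.strip()]
    return any(a not in ("localhost", "127.0.0.1", "::1") for a in addrs)

if __name__ == "__main__":
    value, source = effective_listen_addresses(POSTGRESQL_CONF, AUTO_CONF)
    print(f"listen_addresses = {value!r} (from {source}); "
          f"external bind: {reachable_externally(value)}")
```

On a live server the same answer is available from the pg_settings view, whose sourcefile column names the file a setting came from.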
