My EC2 Linux is not connecting to the internet? - linux

When I ran $ git clone https://github.com/aliscie/autodox it took too long to respond, and then it showed fatal: unable to access 'https://github.com/<whatever>': Failed to connect to github.com port 443: Connection timed out. Also, when I tried sudo yum install docker I got the same issue but with a different error message:
https://amazonlinux-2-repos-eu-west-1.s3.eu-west-1.amazonaws.com/2/extras/docker/stable/x86_64/9273ea3ff10ea479755a952f9b7816de5808a09ab6d2cf7c7f56ea422962d7ac/repodata/repomd.xml?instance_id=i-0baa228b430689a3b&region=eu-west-1: [Errno 12] Timeout on https://amazonlinux-2-repos-eu-west-1.s3.eu-west-1.amazonaws.com/2/extras/docker/stable/x86_64/9273ea3ff10ea479755a952f9b7816de5808a09ab6d2cf7c7f56ea422962d7ac/repodata/repomd.xml?instance_id=i-0baa228b430689a3b&region=eu-west-1: (28, 'Connection timed out after 5000 milliseconds')
Trying other mirror.
I tried
aws configure but I did not provide AWS Access Key ID because I don't
I tried to follow the article Troubleshoot EC2 instance internet gateway but it was useless for me
In security groups I set Inbound and Outbound rules to allow all traffic anywhere.

In general, Security groups should be configured with:
Inbound rules that permit access to the desired ports (eg port 80 for HTTP, port 443 for HTTPS, port 22 for SSH) from as few IP addresses as possible. For example, HTTP would be open to the Internet (0.0.0.0/0) while SSH should be open only to your IP address.
Outbound rules that "Allow All" outbound access because you can typically trust what is running on your own instance
In general, Network Access Control Lists (NACLs) should never be changed from their default "Allow All" state unless you have a very specific networking requirement (eg creating a DMZ). Security Groups are sufficient for controlling access.
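
The inbound guidance above, turned into a check over a security group in the JSON shape returned by `aws ec2 describe-security-groups`. This is an added example, not part of the original answer; the sample group, the `ADMIN_PORTS` set and the function names are constructed for illustration.

```python
import ipaddress

# Ports that should only be reachable from known addresses (assumption of this example).
ADMIN_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP"}

# Constructed sample in the shape of describe-security-groups output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
    ],
}

def _cidrs(perm):
    """Yield every IPv4 and IPv6 source range of one permission."""
    yield from (r["CidrIp"] for r in perm.get("IpRanges", []))
    yield from (r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))

def audit_inbound(group):
    """Return (group, service, port, cidr) for admin ports open to the whole Internet."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # IpProtocol "-1" means all protocols and ports; FromPort/ToPort are then absent.
        lo = perm.get("FromPort", 0) if proto == "tcp" else 0
        hi = perm.get("ToPort", 65535) if proto == "tcp" else 65535
        for cidr in _cidrs(perm):
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue  # restricted source range, in line with the guidance
            for port, name in sorted(ADMIN_PORTS.items()):
                if lo <= port <= hi:
                    findings.append((group["GroupId"], name, port, cidr))
    return findings

if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_GROUP):
        print("open to the Internet:", finding)
```
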

Related

Unable to access Grafana UI

I installed Grafana on an AWS Linux machine. After that I also started the Grafana server, which is in the bin folder. But I am still unable to access the Grafana UI from a web browser. I am using the URL below to access the Grafana UI
http://52.209.135.66:8000/
I tried to check connectivity from the terminal by using the command below
wget http://52.209.135.66:8000/
The output of the command is
--2020-07-22 17:40:12-- http://52.209.135.66:8000/
Connecting to 52.209.135.66:8000... failed: Connection timed out.
Retrying.
--2020-07-22 17:42:22-- (try: 2) http://52.209.135.66:8000/
Connecting to 52.209.135.66:8000...
As suggested in a few online articles, I executed the command below to remove the firewall settings, but it is still not accessible
sudo iptables -F
Can someone please help me in resolving this issue?

Check the following areas:
Inbound Rule for the Security Groups attached to your instance: they must allow for port 8000 coming from 0.0.0.0/0
Custom Network ACLs associated with the VPC subnet where your instance is provisioned (Default ACL should allow all traffic). Ensure either all traffic is allowed or there are rules that allow inbound traffic on port 8000 from 0.0.0.0/0 AND outbound traffic to anywhere on the peripheral ports.
The instance is in a public subnet: that is, there's a route from the subnet to the Internet Gateway.
The IP address is associated with your instance
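
The checklist above as a single offline check, written as an added example that is not part of the original answer. It evaluates data in the shape of the EC2 `describe-*` outputs and reports which items block a client reaching port 8000; the sample data, function names and the `client_port` value are constructed assumptions, and only IPv4 TCP is handled.

```python
import ipaddress

def _in(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def sg_allows(perms, ip, port):
    """Security groups are stateful allow-lists: any matching rule admits the traffic."""
    for p in perms:
        if p["IpProtocol"] == "-1" or (
                p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"]):
            if any(_in(ip, r["CidrIp"]) for r in p.get("IpRanges", [])):
                return True
    return False

def nacl_allows(entries, egress, ip, port):
    """Network ACLs: the lowest matching rule number decides; no match means deny."""
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange")
        if (e["Egress"] == egress and e["Protocol"] in ("6", "-1")
                and "CidrBlock" in e and _in(ip, e["CidrBlock"])
                and (pr is None or pr["From"] <= port <= pr["To"])):
            return e["RuleAction"] == "allow"
    return False

def diagnose(instance, sg_perms, nacl, routes, client_ip, port, client_port=50000):
    """Return the checklist items that fail for client_ip -> instance:port (empty = reachable)."""
    checks = [
        ("security group inbound", sg_allows(sg_perms, client_ip, port)),
        ("network ACL inbound", nacl_allows(nacl, False, client_ip, port)),
        # Network ACLs keep no state: the reply to the client's source port needs its own rule.
        ("network ACL outbound (return traffic)", nacl_allows(nacl, True, client_ip, client_port)),
        ("route to an Internet Gateway", any(
            r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and r.get("GatewayId", "").startswith("igw-") for r in routes)),
        ("public IP address", bool(instance.get("PublicIpAddress"))),
    ]
    return [name for name, ok in checks if not ok]

# Constructed sample data; the custom ACL forgets the high-numbered return ports.
SG = [{"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
NACL = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 8000, "To": 8000}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 80, "To": 443}},
]
ROUTES = [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]
INSTANCE = {"PublicIpAddress": "203.0.113.20"}
```

With the sample data, `diagnose(INSTANCE, SG, NACL, ROUTES, "198.51.100.7", 8000)` reports only the outbound ACL item, the case where the security group looks correct and the connection still times out.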

Why does AWS firewall not permit remote connection from my work computer?

I set up an EC2 instance (Amazon Linux AMI) to host a Docker API (Flask application with Python). The application is running on port 5000. Using my local PC (which is remote), I am able to hit the API with a browser (i.e., http://ipaddress:5000/), and get the "Hello, World!" response. The issue is that when I do the same thing on another computer (my work computer), I get a connection refused error.
In the security group for the instance, these are my inbound rule settings (I know this isn't secure, it's just a Hello World example):
HTTP (TCP): Port 80, allow 0.0.0.0/0, ::/0
SSH (TCP): Port 22, allow 0.0.0.0/0
Custom TCP Rule (TCP): Port 5000, 0.0.0.0/0, ::/0
The question: Why is the firewall blocking one remote computer and not the other?
The problem: Corporate firewalls will often set outbound rules that limit which ports you can access from websites outside of your organization.
The solution: Since Port 80 is a common port used for web servers, corporate firewalls (generally) don't block outbound traffic to these ports. Therefore, I was able to fix this problem by deploying the AWS API on Port 80. Then, I was able to connect to the API from within my corporate network.

Unable to establish connectivity on a port after configuring proper rules

I have a Linux VM on Azure, which I can access using SSH without any issues. I needed access to another port (let's say 7077) from outside, and here is what I have done so far, but I am unable to establish connectivity
Created an inbound rule from the networking settings, it created the rule on the Network security Group attached to the network interface.
Added a new Network Security Group, attached it to the Subnet
If I do a netcat request on port 22, I get successful connectivity, but for port 7077 I get connection refused.
Also, IP flow verification passes for the port
Any pointer would be helpful.

You need to allow that same port in the firewall settings of the VM. The OS itself is what is refusing the connection, suggesting you have not set up any firewall rules to allow that port.
Try adding an allow rule in the firewall settings and see if you can reach that port.
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
http://www.thegeekstuff.com/2011/02/iptables-add-rule/
Ubuntu 17.04
https://help.ubuntu.com/lts/serverguide/firewall.html
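
The questions on this page report two different failures, "Connection timed out" and "connection refused", and the answer above reads a refusal as coming from the OS. The probe below is an added example (not part of the original answer) that makes one TCP connection attempt and classifies the result; the `HINTS` wording and the function name are this example's own.

```python
import errno
import socket

# What each outcome usually points to (this example's summary, not a vendor table).
HINTS = {
    "open": "a listener accepted the connection; every layer in between allows it",
    "refused": "a reset came back: nothing listens on the port, or a firewall rejects it",
    "timeout": "packets are dropped silently: security group/NSG, network ACL, route or public IP",
    "unreachable": "no route from this client to the host",
}

def probe(host, port, timeout=3.0):
    """Make one TCP connection attempt and classify how it ends."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error: %s" % exc

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <host> <port>, against a host you administer.
    result = probe(sys.argv[1], int(sys.argv[2]))
    print(result, "-", HINTS.get(result, "see the error text"))
```
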

Not able to access application hosted on Linux VM on Azure cloud

I have created a CentOS 7.1 VM using Resource Manager deployment model.
I am not able to access the application using a browser on a machine connected to the internet.
However, I am able to access the application on the same machine and another VM on the same virtual network using the private IP address.
I configured Network Security Group and allowed port 80 and 443 in Inbound Rules.

Well, it turned out that I needed to open ports under "Inbound Security Rules" and needed to open all in "Source Port Range". For doing so, I needed to put * there and in Destination port for https - 443 etc.
This * thing was the catch which I was missing in all the Inbound security rules for allowing the ports.

how to configure security group in amazon EC2

I am new to AWS security for deploying in Amazon Web Services.
When I restrict security groups to some IP addresses, my application runs dead slow or may not run at all; that's the reason I am getting a connection timeout when I try to call the web service which is deployed in AWS. When I open the IP address restriction in Security groups it works fine.
How do I configure AWS using security groups so that my application is accessible only to some restricted networks?
Please help me with this.
Below are my security group details
INBOUND
Type     Protocol   Port range   Source
MYSQL    TCP        3306         X.X.X.X/X
SSH      TCP        22           X.X.X.X/X
HTTP     TCP        80           X.X.X.X/X
OUTBOUND
Type     Protocol   Port range   Source
MYSQL    TCP        3306         0.0.0.0/0
SSH      TCP        22           0.0.0.0/0
HTTP     TCP        80           0.0.0.0/0
I am using Hibernate for the DB connection from my web application. But every time I get a connection timeout with the above security group; if I remove the IP address restrictions it works fine.
Note: the DB connection works fine from MySQL Workbench
<property name="hibernate.connection.url">jdbc:mysql://schemaname.amazonDBInsatnce:3306/test</property>

Security Groups will not "slow down" access to an Amazon EC2 instance. They are used to determine which ports are open to a given range of IP addresses. Either the traffic is allowed through, or it is not.
Security Groups can be defined for Inbound and Outbound traffic. By default, all Inbound traffic is denied and all Outbound traffic is permitted.
It is possible that your application is trying to access some external service and is timing out, hence causing delays. Permitting all Outbound traffic is usually acceptable, so try that first and see if your application performs better.
Also, check the log files that your application is producing to see if any errors are being generated, which will give you a hint as to what might be happening.
