7
votes

I have just created an EC2 instance on a brand new AWS account, behind a security group, and loaded some software on it. I am running Sinatra on the machine on port 4567 (currently), and have opened that port in my security group to the whole world. Further, I am able to ssh into the EC2 instance, but I cannot connect on port 4567. I am using the public IP to connect:

shakuras:~ tyler$ curl **.***.**.***:22
SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
curl: (56) Recv failure: Connection reset by peer
shakuras:~ tyler$ curl **.***.**.***:4567
curl: (7) Failed connect to **.***.**.***:4567; Connection refused

But my webserver is running, since I can see the site when I curl from localhost:

ubuntu@ip-172-31-8-160:~$ curl localhost:4567
Hello world! Welcome

I thought it might be the firewall but I ran iptables and got:

ubuntu@ip-172-31-8-160:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I'm pretty lost on what is going on here. Why can't I connect from the outside world?

4
What interface is the web server listening on? - ajtrichards
You allocated and associated an elastic IP with this EC2 instance? - user602525
I did use an elastic IP for this EC2 instance, yes. As far as the interface, I believe that is correct. netstat -an returns Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:4567 0.0.0.0:* LISTEN so I'm pretty sure it's listening to the right stuff there - trlemburg
Just curious, but if you change it to another port, like 80 or something and open that port, then can you connect? Lastly, "have you tried turning it off and on again?" - user602525
Yep, I tried both of those. - trlemburg

4 Answers

2
votes

This sounds like an issue with the Sinatra binding. You could check this and this and even this link, which talks about binding Sinatra to all IP addresses.

2
votes

Are you sure that the web server is listening on other interfaces than localhost? Check the output of netstat -an | grep 4567

If it isn't listening on 0.0.0.0 then that is the cause.

2
votes

You are listening on 127.0.0.1 based on your netstat command. The output should be something like this:

tcp        0      0 :::8080                     :::*                        LISTEN

Can you post your Sinatra configs? What are you using to start it?
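The check the answers above ask for, as an added example that is not part of any answer or of Sinatra: it parses `netstat -an` text and reports whether each TCP listener is bound to loopback only or to an address reachable from other hosts. It assumes the Linux net-tools output format; the function names are hypothetical and the sample input is constructed.

```ruby
require 'ipaddr'

Listener = Struct.new(:proto, :host, :port, :scope)

# Wildcard spellings netstat/ss use for "every interface".
WILDCARDS = ['*', '0.0.0.0', '::', '[::]'].freeze

# Classify a listener's local address:
#   :loopback        only clients on the same machine can connect
#   :all_interfaces  bound to the wildcard address
#   :specific        bound to one non-loopback address
def listener_scope(host)
  return :all_interfaces if WILDCARDS.include?(host)
  IPAddr.new(host).loopback? ? :loopback : :specific
rescue IPAddr::Error
  :unknown
end

# Parse Linux `netstat -an` text (assumed format) into TCP LISTEN entries.
def parse_listeners(netstat_text)
  netstat_text.each_line.map do |line|
    proto, _recvq, _sendq, local, _foreign, state = line.split
    next unless proto.to_s.start_with?('tcp') && state == 'LISTEN'
    host, _sep, port = local.rpartition(':') # ":::8080" -> "::", "8080"
    Listener.new(proto, host, port.to_i, listener_scope(host))
  end.compact
end

# True when something listens on `port` on an address other than loopback.
# Security groups and host firewalls still apply on top of this.
def bound_beyond_loopback?(listeners, port)
  listeners.any? { |l| l.port == port && %i[all_interfaces specific].include?(l.scope) }
end

# Constructed sample: the 4567 and 8080 rows are the ones quoted on this page;
# the port 22 row is made up to match the working SSH connection.
SAMPLE = <<~OUT
  Proto Recv-Q Send-Q Local Address           Foreign Address         State
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
  tcp        0      0 127.0.0.1:4567          0.0.0.0:*               LISTEN
  tcp        0      0 :::8080                 :::*                    LISTEN
OUT

if __FILE__ == $PROGRAM_NAME
  listeners = parse_listeners(SAMPLE)
  listeners.each { |l| puts format('%-5s %-10s %5d  %s', l.proto, l.host, l.port, l.scope) }
  puts "4567 bound beyond loopback? #{bound_beyond_loopback?(listeners, 4567)}"
end
```

For the question's netstat row, port 4567 is classified as loopback-only, which is consistent with curl working on localhost and getting "Connection refused" from outside.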

0
votes

This does not work on a simple Amazon AMI, with installation as shown in http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-install.html

Steps 1, 2, 3 work (agent installation and starting the daemon) as shown

[ec2-user@ip-<ip> ~]$ curl http://localhost:51678/v1/metadata
curl: (7) Failed to connect to localhost port 51678: Connection refused

In fact netstat shows some listening tcp ports but one able to connect, definitely not 51678 tcp.