Firewall – How to debug a port/connectivity issue

amazon ec2firewallnetworkingport

I am running a simple WebSocket server on Amazon EC2 (Fedora Core). I've opened the relevant port using ec2-authorize, and checked that it's opened. Iptables is definitely not running. However I can't connect to the port from outside EC2.

I've tried the following (my server is running on port 7000):

telnet ec2-public-dns.xx.xx.xx.amazon.com 7000  

(from within EC2: connects fine)

nmap localhost

(output includes line: 7000/tcp open afs3-fileserver)

telnet ec2-public-dns.xx.xx.xx.amazon.com 7000  

(this time from my local machine: I get "connection refused: Unable to connect to remote host")

The strange thing is this: if I start Nginx on port 7000 then it works and I can connect from outside EC2! And the WebSocket server fails on port 80, where Nginx works fine.

To me this suggests a problem with the WebSocket server, BUT I can connect to it successfully from within EC2. (And it works fine on a different VPS account).

How can I debug this further? If anybody can stop me tearing my hair out, I'd be very grateful indeed 🙂

Best Answer

is it possible that your service listens only on loopback interface?

on your amazon box run

netstat -lanp|grep LISTEN|grep 7000 

you expect to have something like:

tcp        0      0 0.0.0.0:7000              0.0.0.0:*               LISTEN      2216/abc

rather than

tcp        0      0 127.0.0.1:7000          0.0.0.0:*               LISTEN      13798/abc