Ubuntu – AWS instance has port open in security group, ufw rule, but nmap says it’s closed


I have configured an Amazon EC2 instance running Ubuntu 14.04.4 LTS to use only one AWS security group which has all outbound traffic open and incoming traffic limited to allow incoming TCP connections to 22, 80, 443, 5000 from anywhere. I also have ufw configured and running so that these ports are open according to ufw status:

Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
5000                       ALLOW       Anywhere
22                         ALLOW       Anywhere
Nginx Full (v6)            ALLOW       Anywhere (v6)
5000 (v6)                  ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)

Despite this, when I run nmap on my local machine to the address of the server, I get this:

Starting Nmap 7.12 ( https://nmap.org ) at 2016-08-17 22:55 EDT
Nmap scan report for xxxxxxx.com (xx.xx.xx.xx)
Host is up (0.013s latency).
rDNS record for xx.xx.xx.xx: ec2-xx-xx-xx-xx.compute-1.amazonaws.com
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  open   https
5000/tcp closed upnp

Nmap done: 1 IP address (1 host up) scanned in 5.61 seconds

Why is port 5000 showing up as closed instead of open? What is missing here?

Best Answer

So it turns out that the reason why port 5000 showed up as closed was because there was nothing running on the server yet to accept incoming connections. After running the application on the server side, it showed up as open.

Shoehorning what is essentially a trinary (available, open, closed) state into a binary one is going to inevitably cause confusion. There is no technology reason why this distinction can't be surfaced in server applications and tools. For the sake of every single human being, who in aggregate wasted countless hours figuring this out, it should be.
