Doubts about Amazon Linux AMI port setup on EC2

0

I have a very simple setup: an AMI image, with spring-boot/tomcat listening on ports 8080 and 8081. I have the security group with ping and http enabled. From the list below I can see ports 22, 8080, and 8081. I can ping from my laptop, and curl (using 127.0.0.1) to port 808X with no problems. But a request to 127.0.0.1 is rejected, so I can't check if the port forwarding is working.

What am I missing from the setup? Thanks!!

tcp        0      0 127.0.0.1:27017             127.0.0.1:43326             ESTABLISHED 
tcp        0      0 127.0.0.1:27017             127.0.0.1:43388             ESTABLISHED 
tcp        0      0 127.0.0.1:27017             127.0.0.1:43334             ESTABLISHED 
tcp        0      0 127.0.0.1:27017             127.0.0.1:43330             ESTABLISHED 
tcp        0      0 127.0.0.1:27017             127.0.0.1:43386             ESTABLISHED 
tcp        0      0 127.0.0.1:27017             127.0.0.1:43390             ESTABLISHED 
tcp        0      0 127.0.0.1:27017             127.0.0.1:43384             ESTABLISHED 
tcp        0      0 :::111                      :::*                        LISTEN      
tcp        0      0 :::8080                     :::*                        LISTEN      
tcp        0      0 :::8081                     :::*                        LISTEN      
tcp        0      0 :::35729                    :::*                        LISTEN      
tcp        0      0 :::22                       :::*                        LISTEN      
tcp        0      0 :::55233                    :::*                        LISTEN      
tcp        0      0 ::ffff:127.0.0.1:43328      ::ffff:127.0.0.1:27017      ESTABLISHED 

Update

I also typed:

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo service iptables save
sudo service iptables start
sudo service iptables status

And given that I added "HTTP" (port 80) to the security group, I thought that would be enough to tell the OS to forward the requests. Tomcat/Spring-boot is running on 8080.

UPDATE 2

If I restrict my security group http setting to use only my IP, then the port opens and redirection works. Exactly the same set of commands.

efekctive

Posted 2017-11-19T00:33:19.310

Reputation: 101
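The listing above shows Tomcat bound to `:::8080` and `:::8081`, which are IPv6 wildcard binds. As an added example (not part of the original question or answers), the POSIX shell script below classifies the LISTEN rows of `netstat -tln`-style output by address family and scope, and reports whether a given port is reachable over IPv4. The sample rows in `SAMPLE_NETSTAT` are constructed to resemble the question's listing; the function names and the `BINDV6ONLY` argument are this example's own.

```shell
# Added example: classify listening sockets from netstat -tln output.
# Constructed sample rows, modelled on the question's listing (not real output).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:27017             0.0.0.0:*                   LISTEN
tcp        0      0 :::8080                     :::*                        LISTEN
tcp        0      0 :::8081                     :::*                        LISTEN
tcp        0      0 ::1:6379                    :::*                        LISTEN
tcp        0      0 127.0.0.1:43326             127.0.0.1:27017             ESTABLISHED'

# classify_listeners OUTPUT
# Prints one line per LISTEN row: "<port> <family> <scope>"
#   family: v4 (dotted address) or v6 (:: wildcard, ::1, or other IPv6)
#   scope : public (wildcard bind), local (loopback only), specific (one address)
classify_listeners() {
  printf '%s\n' "$1" | awk '$6 == "LISTEN" {
      addr = $4
      n = split(addr, parts, ":")
      port = parts[n]
      # everything before the last ":" is the bound address
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host == "0.0.0.0")        { fam = "v4"; scope = "public" }
      else if (host == "::")        { fam = "v6"; scope = "public" }
      else if (host == "127.0.0.1") { fam = "v4"; scope = "local" }
      else if (host == "::1")       { fam = "v6"; scope = "local" }
      else if (host ~ /^[0-9.]+$/)  { fam = "v4"; scope = "specific" }
      else                          { fam = "v6"; scope = "specific" }
      print port, fam, scope
  }' | sort -n
}

# listener_family PORT OUTPUT -> "<family> <scope>" of the socket bound to PORT
listener_family() {
  classify_listeners "$2" | awk -v p="$1" '$1 == p { print $2, $3; exit }'
}

# count_listeners SCOPE OUTPUT -> number of LISTEN sockets with that scope
count_listeners() {
  classify_listeners "$2" | awk -v s="$1" '$3 == s' | wc -l | tr -d ' '
}

# ipv4_reachable PORT OUTPUT BINDV6ONLY -> yes/no
# On Linux an IPv6 wildcard socket (::) also accepts IPv4 connections as
# IPv4-mapped addresses unless net.ipv6.bindv6only=1. Loopback-only or
# address-specific IPv6 binds never serve IPv4.
ipv4_reachable() {
  fam_scope=$(listener_family "$1" "$2")
  case "$fam_scope:$3" in
    "v4 "*)        echo yes ;;
    "v6 public:0") echo yes ;;
    *)             echo no ;;
  esac
}

# Demo against the constructed sample. On a real host use:
#   ipv4_reachable 8080 "$(netstat -tln)" "$(sysctl -n net.ipv6.bindv6only)"
classify_listeners "$SAMPLE_NETSTAT"
printf 'port 8080 family/scope: %s\n' "$(listener_family 8080 "$SAMPLE_NETSTAT")"
printf 'port 8080 IPv4 reachable (bindv6only=0): %s\n' "$(ipv4_reachable 8080 "$SAMPLE_NETSTAT" 0)"
```

The `:::8080` socket in the question is therefore an IPv4-and-IPv6 listener under the kernel default. Note also that `iptables -t nat ... REDIRECT` only rewrites IPv4 packets; IPv6 traffic is governed by `ip6tables`, so a port 80 redirect set with `iptables` alone does nothing for connections that arrive over IPv6.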

I think I've answered your question, below, but you mentioned "port forwarding" in spite of the fact that there is no mention of any port forwarding anywhere in the question, unless you're talking about security group rules, which I would not call "port forwarding." "a request to 127.0.0.1 is rejected"... you do know what 127.0.0.1 is, correct? – Michael - sqlbot – 2017-11-19T04:51:57.217

@Michael-sqlbot Please see the update. Thank you very much! – efekctive – 2017-11-19T14:10:17.003

"If I restrict my security group http setting to use only my ip then the port opens and redirection works." Okay, so what rule are you putting into the security group that does not work? I don't see where you've explained that. – Michael - sqlbot – 2017-11-19T18:42:27.967

Http, ssh, and icmp/ping. Http originally was anywhere one. It creates two entries: one for IP4 and another for IP6. After removing those and adding the "my ip" option, everything works as expected. I will try using only IP4 in the security group to see if it makes a difference with tomcat. – efekctive – 2017-11-19T18:48:45.760

You said "http to use only my IP," so I asked you what IP you tried before, and you answered "http, ssh, and icmp/ping" and "http anywhere one." Your terminology is a bit loose. Security group rules consist of a service or protocol+port [+range] or "all [protocol]" or "all traffic" and a source specification, usually an IP address or CIDR block. Please describe these things clearly and completely. – Michael - sqlbot – 2017-11-19T19:00:03.150

Answers

0

The workaround was to delete the http IPv6 rule from the security group. I think it may have to do with the fact that Tomcat needs prodding to work with the IPv4 stack.

I did not see a spring-boot entry for this case in the application properties docs. So instead of installing tomcat standalone, this workaround does the trick.

efekctive

Posted 2017-11-19T00:33:19.310

Reputation: 101