TransWikia.com

ec2 instance connection timed out but can be pinged

Server Fault Asked by flowintent on November 12, 2021

I’ve seen many similar questions but none like this.

So I started an EC2 instance and installed Apache, WordPress, etc. on top. And I was able to access everything fine with the public IP provided to me.

Then I created a hosted zone on Route 53 to redirect my domain to this instance. This worked, but I wanted to create an Elastic IP to associate with my instance.

As soon as it was associated, I could no longer access my instance.

I can ping and SSH to my instance with no problem. However, when accessing the Elastic IP or public DNS using a browser, it just hangs there for seconds and shows connection timed out. The security rule allows all of HTTP, HTTPS, SSH, ICMP, etc.

I thought it could be the server's problem, but when I SSH to the instance it shows httpd is running fine.

I have deleted the hosted space, got a new Elastic IP to associate, and restarted the instance, but at no point did the server become accessible. Short of making a new instance.

So I’m stuck here and would appreciate any help possible. If it helps this is the instance ID: i-09fcc30eb8776b7fe

Thank you

Edit: attaching screenshots of my instance and my security group rules

http://i.imgur.com/rVg6xoy.png

http://i.imgur.com/wIieG70.png

For the security group rules, when I select the source as "anywhere", it auto-populates 0.0.0.0/0, ::/0, and the next time I go in it becomes 2 rules.

2 Answers

To make an instance reachable on a particular port over the internet, you have to take the following into consideration.

  1. Make sure the instance has a public IP address. This can be your Elastic IP or a dynamic public IP provided by Amazon when you opt for it at the time of instance launch.
  2. The instance security group must allow the specific port from the internet, where the source is 0.0.0.0/0 for IPv4 and ::/0 for IPv6.
  3. If you are using a NACL, then you should also allow the specific inbound port and allow the ephemeral port range in the outbound rules. This is because NACLs are stateless. Please check here for recommended NACL rules for your VPC.
  4. Lastly, you have to make sure the subnet in which this instance is launched has a route to the internet gateway (IGW). You may review the route table entries associated with the subnet.

Answered by Supratik on November 12, 2021

With the advice from Tim, I ran curl -i address and found that it shows 301 Moved Permanently.

Upon closer inspection, when I access the new public DNS/Elastic IP, it is still trying to connect to my old public IP, which fails.

I created a new instance based on the image, but when accessing the new instance's public IP/Elastic IP it still tries to connect to the old public IP.

In the end I created a new instance completely from scratch. This time I associated the Elastic IP first, then redirected the domain to the instance, and everything worked.

(At the moment the browser still can't access my domain name because the IP is cached, I think. Opening in private/incognito, I see that it works.)

Answered by flowintent on November 12, 2021
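The `curl -i` check from the answer above can be automated so that a redirect to a different IP address is flagged instead of being mistaken for a security group or routing problem. This is an added example, not part of the original post; the function names and the sample response (which uses documentation IP ranges) are constructed for illustration.

```python
import ipaddress
from email.parser import Parser
from urllib.parse import urlsplit

# Constructed sample of `curl -i http://198.51.100.20/` output.
# 198.51.100.20 stands in for the new Elastic IP, 203.0.113.7 for the old public IP.
SAMPLE_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Date: Fri, 12 Nov 2021 10:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "Location: http://203.0.113.7/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def parse_response(raw):
    """Split raw `curl -i` output into (status_code, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split()
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % status_line)
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)

def is_ip_literal(host):
    """True if host is an IPv4 or IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def diagnose(requested_host, raw):
    """Return (verdict, redirect_host) for one response to requested_host."""
    status, headers = parse_response(raw)
    location = headers.get("Location")
    if status not in (301, 302, 303, 307, 308) or not location:
        return "no-redirect", None
    target = urlsplit(location).hostname  # None for a relative Location
    if target is None or target.lower() == requested_host.lower():
        return "same-host-redirect", target or requested_host
    if is_ip_literal(target):
        # The server answered, then sent the client to another address:
        # the timeout seen in the browser comes from that second hop.
        return "redirect-to-other-ip", target
    return "redirect-to-other-name", target

if __name__ == "__main__":
    print(diagnose("198.51.100.20", SAMPLE_RESPONSE))
```

A verdict of `redirect-to-other-ip` means the instance is reachable on port 80 and the address to fix is stored in the web application's own configuration, not in the security group, NACL or route table.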
