I have a similar issue to a previous thread ec2-vpc-instance-ports-are-filtered where I'm reasonably confident I have the security group set up correctly and have services listening on the ports, but I'm still seeing filtered ports when running nmap.
I have two EC2 instances. One is AWS which is working fine and the other is Redhat which isn't. I have the below security policy applied to both instances. The redhat instance only allows ping and ssh, the AWS allows all rules.
Type Protocol Port Range Source
HTTP TCP 80 212.250.191.71/32
HTTP TCP 80 85.91.28.28/32
SSH TCP 22 212.250.191.71/32
SSH TCP 22 5.80.62.149/32
SSH TCP 22 85.91.28.28/32
Custom TCP Rule TCP 8080 - 8089 212.250.191.71/32
Custom TCP Rule TCP 2001 212.250.191.71/32
HTTPS TCP 443 212.250.191.71/32
HTTPS TCP 443 85.91.28.28/32
Custom ICMP Rule - IPv4 Echo Request N/A 212.250.191.71/32
nmap -sTU -O shows
AWS version
Host is up (0.023s latency).
Not shown: 1000 open|filtered ports, 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
2001/tcp open dc
8080/tcp open http-proxy
Redhat
Host is up (0.024s latency).
Not shown: 1000 open|filtered ports, 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
netstat -plunta | grep LISTEN
AWS version
tcp 0 0 0.0.0.0:3020 0.0.0.0:* LISTEN 4869/q
tcp 0 0 0.0.0.0:40781 0.0.0.0:* LISTEN 4618/q
tcp 0 0 0.0.0.0:3022 0.0.0.0:* LISTEN 4875/q
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3152/rpcbind
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4994/java
tcp 0 0 0.0.0.0:3024 0.0.0.0:* LISTEN 4938/q
tcp 0 0 127.0.0.1:18001 0.0.0.0:* LISTEN 4994/java
tcp 0 0 0.0.0.0:2001 0.0.0.0:* LISTEN 4611/q
tcp 0 0 0.0.0.0:3026 0.0.0.0:* LISTEN 4736/q
tcp 0 0 0.0.0.0:2002 0.0.0.0:* LISTEN 4621/q
tcp 0 0 0.0.0.0:3028 0.0.0.0:* LISTEN 4812/q
tcp 0 0 0.0.0.0:3030 0.0.0.0:* LISTEN 4859/q
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3355/sshd
tcp 0 0 0.0.0.0:3065 0.0.0.0:* LISTEN 4738/q
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3706/sendmail
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 21880/sshd
tcp 0 0 0.0.0.0:3034 0.0.0.0:* LISTEN 4705/q
tcp 0 0 0.0.0.0:3067 0.0.0.0:* LISTEN 4805/q
tcp 0 0 0.0.0.0:3004 0.0.0.0:* LISTEN 5013/q
tcp 0 0 0.0.0.0:3036 0.0.0.0:* LISTEN 4932/q
tcp 0 0 0.0.0.0:45053 0.0.0.0:* LISTEN 3173/rpc.statd
tcp 0 0 0.0.0.0:3006 0.0.0.0:* LISTEN 4979/q
tcp 0 0 0.0.0.0:3038 0.0.0.0:* LISTEN 4871/q
tcp 0 0 127.0.0.1:45375 0.0.0.0:* LISTEN 4994/java
tcp 0 0 0.0.0.0:3040 0.0.0.0:* LISTEN 4742/q
tcp 0 0 0.0.0.0:3042 0.0.0.0:* LISTEN 4851/q
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 4994/java
tcp 0 0 0.0.0.0:3013 0.0.0.0:* LISTEN 4934/q
tcp 0 0 0.0.0.0:1254 0.0.0.0:* LISTEN 4994/java
tcp 0 0 0.0.0.0:3046 0.0.0.0:* LISTEN 4857/q
tcp 0 0 0.0.0.0:3016 0.0.0.0:* LISTEN 4968/q
tcp 0 0 0.0.0.0:3048 0.0.0.0:* LISTEN 4744/q
tcp 0 0 127.0.0.1:17001 0.0.0.0:* LISTEN 4994/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 4994/java
tcp 0 0 0.0.0.0:3050 0.0.0.0:* LISTEN 4867/q
tcp 0 0 0.0.0.0:3018 0.0.0.0:* LISTEN 4796/q
tcp 0 0 172.31.37.100:17003 0.0.0.0:* LISTEN 4994/java
tcp 0 0 127.0.0.1:43339 0.0.0.0:* LISTEN 4994/java
tcp 0 0 :::53805 :::* LISTEN 3173/rpc.statd
tcp 0 0 :::111 :::* LISTEN 3152/rpcbind
tcp 0 0 :::22 :::* LISTEN 3355/sshd
tcp 0 0 ::1:6010 :::* LISTEN 21880/sshd
tcp 0 0 :::3002 :::* LISTEN 4754/java
tcp 0 0 ::ffff:172.31.37.100:12169 :::* LISTEN 4640/java
tcp 0 0 :::3306 :::* LISTEN 3658/mysqld
Redhat version
tcp 0 0 0.0.0.0:8011 0.0.0.0:* LISTEN 18151/java
tcp 0 0 172.31.31.147:17004 0.0.0.0:* LISTEN 18151/java
tcp 0 0 0.0.0.0:3053 0.0.0.0:* LISTEN 17851/q
tcp 0 0 0.0.0.0:3086 0.0.0.0:* LISTEN 17899/q
tcp 0 0 0.0.0.0:3023 0.0.0.0:* LISTEN 18130/q
tcp 0 0 0.0.0.0:3055 0.0.0.0:* LISTEN 18074/q
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:3088 0.0.0.0:* LISTEN 17973/q
tcp 0 0 0.0.0.0:3057 0.0.0.0:* LISTEN 18091/q
tcp 0 0 127.0.0.1:40306 0.0.0.0:* LISTEN 18151/java
tcp 0 0 0.0.0.0:8082 0.0.0.0:* LISTEN 18151/java
tcp 0 0 127.0.0.1:18003 0.0.0.0:* LISTEN 18151/java
tcp 0 0 0.0.0.0:3027 0.0.0.0:* LISTEN 17960/q
tcp 0 0 0.0.0.0:3059 0.0.0.0:* LISTEN 17903/q
tcp 0 0 0.0.0.0:2003 0.0.0.0:* LISTEN 17754/q
tcp 0 0 0.0.0.0:2004 0.0.0.0:* LISTEN 17762/q
tcp 0 0 0.0.0.0:3061 0.0.0.0:* LISTEN 18010/q
tcp 0 0 127.0.0.1:37398 0.0.0.0:* LISTEN 18151/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1076/sshd
tcp 0 0 0.0.0.0:3031 0.0.0.0:* LISTEN 18089/q
tcp 0 0 0.0.0.0:3033 0.0.0.0:* LISTEN 18020/q
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1042/master
tcp 0 0 0.0.0.0:3066 0.0.0.0:* LISTEN 18013/q
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 15960/sshd: ec2-use
tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN 15992/sshd: cdoyle@
tcp 0 0 0.0.0.0:3005 0.0.0.0:* LISTEN 18170/q
tcp 0 0 0.0.0.0:3037 0.0.0.0:* LISTEN 18095/q
tcp 0 0 0.0.0.0:3069 0.0.0.0:* LISTEN 17905/q
tcp 0 0 0.0.0.0:3071 0.0.0.0:* LISTEN 18087/q
tcp 0 0 0.0.0.0:3008 0.0.0.0:* LISTEN 18135/q
tcp 0 0 0.0.0.0:3041 0.0.0.0:* LISTEN 17897/q
tcp 0 0 0.0.0.0:40802 0.0.0.0:* LISTEN 17746/q
tcp 0 0 0.0.0.0:3044 0.0.0.0:* LISTEN 17980/q
tcp 0 0 127.0.0.1:8007 0.0.0.0:* LISTEN 18151/java
tcp 0 0 0.0.0.0:1255 0.0.0.0:* LISTEN 18151/java
tcp 0 0 0.0.0.0:3047 0.0.0.0:* LISTEN 18015/q
tcp 0 0 0.0.0.0:3017 0.0.0.0:* LISTEN 18076/q
tcp 0 0 127.0.0.1:17002 0.0.0.0:* LISTEN 18151/java
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1076/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1042/master
tcp6 0 0 :::3002 :::* LISTEN 17918/java
tcp6 0 0 ::1:6010 :::* LISTEN 15960/sshd: ec2-use
tcp6 0 0 ::1:6011 :::* LISTEN 15992/sshd: cdoyle@
tcp6 0 0 172.31.31.147:12170 :::* LISTEN 17786/java
My first thought was that maybe I have iptables running on Redhat but not AWS however running
service iptables stop
service ip6tables stop
hasn't helped. Strange to me that the same security group works on one instance but not the other.
My networking experience is fairly limited, so any ideas gratefully appreciated.
Thanks for your help!
Fixed - needed to flush the cached rules of iptables with