3

I have configured an Amazon EC2 instance running Ubuntu 14.04.4 LTS to use only one AWS security group which has all outbound traffic open and incoming traffic limited to allow incoming TCP connections to 22, 80, 443, 5000 from anywhere. I also have ufw configured and running so that these ports are open according to ufw status:

Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
5000                       ALLOW       Anywhere
22                         ALLOW       Anywhere
Nginx Full (v6)            ALLOW       Anywhere (v6)
5000 (v6)                  ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)

Despite this, when I run nmap on my local machine to the address of the server, I get this:

Starting Nmap 7.12 ( https://nmap.org ) at 2016-08-17 22:55 EDT
Nmap scan report for xxxxxxx.com (xx.xx.xx.xx)
Host is up (0.013s latency).
rDNS record for xx.xx.xx.xx: ec2-xx-xx-xx-xx.compute-1.amazonaws.com
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  open   https
5000/tcp closed upnp

Nmap done: 1 IP address (1 host up) scanned in 5.61 seconds

Why is port 5000 showing up as closed instead of open? What is missing here?

huertanix
  • 217
  • 3
  • 11

1 Answers1

4

So it turns out that the reason why port 5000 showed up as closed was because there was nothing running on the server yet to accept incoming connections. After running the application on the server side, it showed up as open.

Shoehorning what is essentially a trinary (available, open, closed) state into a binary one is going to inevitably cause confusion. There is no technology reason why this distinction can't be surfaced in server applications and tools. For the sake of every single human being, whom in aggregate wasted countless hours figuring this out, it should be.

huertanix
  • 217
  • 3
  • 11
  • 3
    Per nmap documentation: https://nmap.org/book/man-port-scanning-basics.html. Specifically: closed: A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. Nmap actually recognizes 6 states - this is "surfaced" in the nmap documentation. – ColtonCat Aug 18 '16 at 05:08
  • i was trying to access a Flask web server from the public IP address of an EC2 instance using the port 5000 i had forwarded. when the Flask server was running the port was open since `nmap -v -p 5000 127.0.0.1` output `5000/tcp open upnp`, and i had disabled the firewall with `sudo ufw disable`. the reason why it wasn't working was because i failed to read the Flask web server documentation that required it be run with `flask run --host=0.0.0.0`, where flag `--host=0.0.0.0` makes it an "Externally Visible Server" https://flask.palletsprojects.com/en/2.2.x/quickstart/ – Luke Schoen Nov 19 '22 at 12:29