
I have an instance (m3 large); both the instance and the security group are outside a VPC. I'm running a simple server application at port 5674. Port 5674 is open to all in the security group. Still, my client code is not able to reach the port when given the public IP. The error it gives is EHOSTUNREACH.

At the server side, this is the response of

netstat -atn

tcp6 0 0 :::5674 :::* LISTEN

At the client

netcat -v myPublicIp 5674

connect to myPublicIp port 5674 (tcp) failed: No route to host

What could be the reason? The same client program works if I give localhost as the host.

It doesn't even work from the same system.

mehnaazm
  • I think you should create a security group in the VPC where your instances are running. – Kumaresh Babu N S Mar 06 '17 at 13:02
  • EHOSTUNREACH - the route is not found for that particular host. – Kumaresh Babu N S Mar 06 '17 at 13:04
  • Could you please provide more information about your configuration? Is your instance in a public subnet or a private subnet? Does it work if you try to connect from a computer that is on the Internet (outside of AWS)? – John Rotenstein Mar 07 '17 at 02:39
  • The instance is not in a VPC. It's publicly accessible. The ports are not working from outside, or even inside if I give the public IP as the hostname. – mehnaazm Mar 07 '17 at 05:34
  • @KumareshBabu Yes, it gives EHOSTUNREACH - the route is not found for that particular host. – mehnaazm Mar 07 '17 at 05:34
  • @mehnaazm Based upon the question, you have to create a security group in the VPC where the EC2 instances are running. Replace new security group with existing security group in an EC2 instance. – Kumaresh Babu N S Mar 07 '17 at 06:14
  • Both are outside the VPC, the SG and the instance. – mehnaazm Mar 07 '17 at 06:58

1 Answer


The only case where an instance is outside a VPC is EC2-Classic. If this is your case, then consider moving to EC2-VPC, because you have a lot of restrictions.

If you created the account within the last year or two, then your instance IS in a VPC and there's just no way to do otherwise.

Check your subnet, all SGs, NACLs. If you can SSH there from your desktop without a jump box then routing is OK, otherwise check it too.

Putnik
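The "check all SGs, NACLs" step from the answer above, as an added example that is not part of the original post: it evaluates a TCP connection to port 5674 against security group and network ACL rules the way a VPC does (SGs are allow-only and stateful; NACLs are evaluated in rule-number order and are stateless). The rule data, field names, client address and function names are constructed for illustration and are not the AWS API response shape.

```python
import ipaddress

# Constructed sample rules (assumption, not taken from the question).
SG_INGRESS = [  # security group: allow-only, stateful
    {"proto": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0"},
    {"proto": "tcp", "from": 5674, "to": 5674, "cidr": "0.0.0.0/0"},
]
NACL_IN = [  # network ACL: lowest matching rule number decides, stateless
    {"num": 100, "proto": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0", "allow": True},
    {"num": 200, "proto": "tcp", "from": 80, "to": 443, "cidr": "0.0.0.0/0", "allow": True},
]
NACL_OUT = [
    {"num": 100, "proto": "tcp", "from": 1024, "to": 65535, "cidr": "0.0.0.0/0", "allow": True},
]

def _matches(rule, proto, port, ip):
    return (rule["proto"] in (proto, "all")
            and rule["from"] <= port <= rule["to"]
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule["cidr"]))

def sg_allows(rules, proto, port, ip):
    """A security group allows traffic if any rule matches; it has no deny rules."""
    return any(_matches(r, proto, port, ip) for r in rules)

def nacl_allows(rules, proto, port, ip):
    """First match in ascending rule-number order decides; no match means deny."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if _matches(r, proto, port, ip):
            return r["allow"]
    return False

def diagnose(client_ip, client_port, server_port, sg, nacl_in, nacl_out):
    """Return the layers that would block a TCP connection to server_port."""
    blocked = []
    if not sg_allows(sg, "tcp", server_port, client_ip):
        blocked.append("security group ingress")
    if not nacl_allows(nacl_in, "tcp", server_port, client_ip):
        blocked.append("NACL inbound")
    # Stateless NACL: the reply to the client's ephemeral port needs its own rule.
    if not nacl_allows(nacl_out, "tcp", client_port, client_ip):
        blocked.append("NACL outbound (return traffic)")
    return blocked

if __name__ == "__main__":
    # The SG opens 5674 to all, yet the subnet NACL has no rule for it.
    print(diagnose("203.0.113.10", 50123, 5674, SG_INGRESS, NACL_IN, NACL_OUT))
```

With the sample data the security group passes but the inbound NACL does not, which is the situation where a port is "open to all in the security group" and still unreachable.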