安全组中的 AWS 端口但无法连接 [英] AWS Port in Security Group but Can't Connect

问题描述

我有一个包含 80、443、22 和 8089 的安全组.

I have a Security Group that has 80, 443, 22, and 8089.

Ports  Protocol   Source    security-group
22      tcp      0.0.0/0      [check]
8089    tcp      0.0.0/0      [check]
80      tcp      0.0.0/0      [check]
443     tcp      0.0.0/0      [check]

但是，当我使用 Python 程序测试连接时，我写道:

However, when I test the connection using a Python program I wrote:

import socket
import sys

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
p = sys.argv[1]
try:
    s.connect(('public-dns', int(p)))
    print 'Port ' + str(p) + ' is reachable'
except socket.error as e:
    print 'Error on connect: %s' % e
s.close()

不过，我对除 8089 以外的所有端口都很好:

However, I'm good with all ports but 8089:

python test.py 80
Port 80 is reachable
python test.py 22
Port 22 is reachable
python test.py 443
Port 443 is reachable
python test.py 8089
Error on connect: [Errno 61] Connection refused

推荐答案

之所以能够通过 localhost (127.0.0.1) 而不是从外部成功连接，是因为您的服务器应用程序仅在 localhost 适配器上进行侦听.这意味着只有源自实例本身的连接才能连接到该进程.

The reason why you are able to connect successfully via localhost (127.0.0.1) and not externally is because your server application is listening on the localhost adapter only. This means that only connections originating from the instance itself will be able to connect to that process.

要更正此问题，您需要将应用程序配置为侦听接口的本地 IP 地址或所有接口 (0.0.0.0).

To correct this, you will want to configure your application to listen on either the local IP address of the interface or on all interfaces (0.0.0.0).

这鞋说错了(听127...):

This shoes that it is wrong (listening on 127...):

~ $ sudo netstat -tulpn | grep 9966
tcp        0      0 127.0.0.1:9966          0.0.0.0:*               LISTEN      4961/python 

这里工作正常(使用所有接口):

Here is it working right (using all interfaces):

~ $ sudo netstat -tulpn | grep 9966
tcp        0      0 0.0.0.0:9966            0.0.0.0:*               LISTEN      5205/python

这篇关于安全组中的 AWS 端口但无法连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！