AWS - Unable to connect to EC2 instance publicly


(Ben-3) #1

I have a single node of ES running on a CentOS EC2 environment.

I wish to connect to the node remotely via the public internet, however am
unable to access using either the public ip or hostname.

My /config/elasticsearch.yml has the following entrances:

cluster.name: test-cluster
cloud:
  aws:
    access_key: <my_key>
    secret_key: <my_secret>
discovery:
  type: ec2
I have opened all ports for all traffic (for testing purposes) within the
EC2 security group.

Running: curl 172.31.42.186:9200 on the machine via SSH results in a
successful JSON response, however doing the same from a machine external to
AWS using the external ip or host fails.

On startup, I can see ES binding to the internal address, which I would
assume would be NAT'd by AWS from the external.

2013-11-24 13:11:51,094][INFO ][http ] [Azazel] bound_address
{inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/172.31.42.186:9200]}

Can anyone advise?

Regards, Ben.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Amit Soni) #2

did you check the firewall setting?

-Amit.



(Ben-3) #3

Yes:

I have opened all ports for all traffic (for testing purposes) within the
EC2 security group.

Ben.



(Simpsora) #4

Is your ES node running in EC2 classic, or within a VPC? If in a VPC,
there may be Network ACLs (separate to security groups) defined on the VPC
which limit inbound access to nodes in that VPC.

If not running in a VPC, how have you configured networking? Does the node
have an ENI & EIP configured? Can you access other services/ports on the
host from the outside world? Any iptables rules blocking access?

Ross



(Ben-3) #5

Hi Ross,

Any iptables rules blocking access?

You Sir are a star! IP tables was blocking my ports. Been so long since I
have used CentOS, I completely forgot to check.

Many thanks, Ben.

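The resolution above (security group open, host iptables still rejecting port 9200) can be checked offline with a first-match walk of the INPUT chain. This is an added example, not code from the thread. The ruleset is constructed to resemble a stock CentOS one, and `input_verdict`, `with_accept_rule`, the `eth0` interface name and the 203.0.113.0/24 source range are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): first-match evaluation of iptables-save
# INPUT rules for a NEW inbound TCP connection.

# Constructed ruleset resembling a stock CentOS /etc/sysconfig/iptables.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# input_verdict PORT [IFACE] [SRC]   (rules on stdin)
# Prints "VERDICT<TAB>matching rule". Simplifications: user-defined chains,
# "!" negation and multiport are not followed; a rule with -s matches only
# when SRC is the identical string (no CIDR arithmetic).
input_verdict() {
  awk -v port="$1" -v iface="${2:-eth0}" -v src="${3:-}" '
    function in_range(spec, p,   a, n) {
      n = split(spec, a, ":")
      return (n == 2) ? (p + 0 >= a[1] + 0 && p + 0 <= a[2] + 0) : (spec + 0 == p + 0)
    }
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && !done {
      target = ""; ok = 1
      for (i = 3; i < NF; i++) {
        v = $(i + 1)
        if ($i == "-j") target = v
        else if ($i == "-i" && v != iface) ok = 0
        else if ($i == "-s" && v != src) ok = 0
        else if ($i == "-p" && v != "tcp") ok = 0
        else if ($i == "--dport" && !in_range(v, port)) ok = 0
        else if (($i == "--state" || $i == "--ctstate") && v !~ /(^|,)NEW(,|$)/) ok = 0
      }
      if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target "\t" $0; done = 1 }
    }
    END { if (!done) print policy "\t(chain policy)" }
  '
}

# with_accept_rule PORT SRC: insert a source-scoped ACCEPT ahead of the
# catch-all REJECT. 203.0.113.0/24 below is a documentation range.
with_accept_rule() {
  awk -v r="-A INPUT -s $2 -p tcp -m state --state NEW -m tcp --dport $1 -j ACCEPT" \
    '/^-A INPUT -j REJECT/ { print r } { print }'
}

printf '%s\n' "$SAMPLE_RULES" | input_verdict 9200 eth0   # REJECT: external client
printf '%s\n' "$SAMPLE_RULES" | input_verdict 9200 lo     # ACCEPT: on-box curl
```

On a live host the same function can be fed with `iptables-save | input_verdict 9200 eth0` as root. The on-box `curl` to the instance's own private address succeeds because locally destined traffic arrives on `lo`, which is why that test says nothing about external reachability.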

