I am new to AWS. I have created a Spring web app and a database (MySQL) in an EC2 instance (which is working fine). In my web application, I am connecting to a database that is on another server, to read from and write to this other database.
So, this database is not a MySQL database. The network admin has opened up port 3306 for this EC2 instance to access the database from EC2. So, the problem is on my end.
I have opened up port 3306 (MySQL) in the security group. But when I telnet to the port, the connection fails. I can see that in EC2 127.0.0.1:3306 is listening, just like 80.
So my question is, what am I missing here?
What are the options to troubleshoot this issue?
Do I have to authorize the Tomcat user or the Bitnami user to access ports to connect to an outer database?
Anything relevant to this issue would be helpful.
Thanks in advance :)
If it's listening on 127.0.0.1:3306, it is listening locally only and is not accessible from outside. If you change that to 0.0.0.0:3306, make sure your security groups are configured to only allow access to your database from your own instances. Don't just "open up 3306"; open up 3306 only to the same security group, or to the security group your Spring application server is in.
You say it's not a MySQL DB, yet it uses MySQL's default port 3306. That's a bit confusing. If it is MySQL, you need to change the bind-address in my.cnf.
I think you need to give permissions to the user like "dbuser@192.168.1.5", where the IP is the IP from which dbuser is trying to access the database.
Krish
It seems this question is stupid, but then, this was a real problem. So I will summarize what I learned and answer the question.

IP addresses are categorized into types to minimize the exhaustion of IP addresses (that is why we moved from IPv4 to IPv6). Anyway, there are public IP addresses and private IP addresses. Private IP addresses are for local networks and public IP addresses are for accessing through the internet.

So, what I did was open up the port for the connecting server's public IP address (it turned out the port is not 3306; it was 2001 in my case. You only have to do it through security groups, because by default all the outbound ports are open for EC2), and also, from the other end, the TCP port was opened for EC2. To do that I had to create an Elastic IP address for my EC2 (what an Elastic IP address does is assign a public IP address that will not change when the EC2 instance gets restarted or changed). Then it should connect. For me it did not work till I created the Elastic IP.
I'm trying to restrict access to my RDS SQL Server instance to my office IP and all resources in my VPC.
This is what I've tried:
Type   Protocol  Port  Source              Description
MSSQL  TCP       1433  xxx.xxx.xxx.xxx/32  Our Office IP
MSSQL  TCP       1433  yyy.yy.y.y/16       Our AWS VPC (IPv4 CIDR)
This seems to be working but I have some doubts:
I'm not confident this is the correct approach
Can the VPC IPv4 CIDR change on its own?
I'm not confident this is the correct approach
This is one way of doing this. It's not perfect, but better than exposing your RDS to the entire internet. The better way would be to keep your RDS fully private (no public IP), and access it through a VPN from your office, or an SSH tunnel if you need it only for testing and development.
Can the VPC IPv4 CIDR change on its own?
No, it can't.
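The rules in this answer (an office /32 plus the VPC CIDR) and the advice in the earlier MySQL answer (open the port only to the application tier's own security group, never to the world) are easy to get subtly wrong. As an added example that is not part of either answer, the Python below evaluates a set of ingress rules the way the security group does, answers "would this client get in?", and flags a database port exposed to 0.0.0.0/0. The rule list, the group id `sg-0123app` and the addresses are constructed for illustration (RFC 5737 and RFC 1918 ranges); in practice the rules would come from `aws ec2 describe-security-groups`.

```python
"""Evaluate and audit security-group ingress rules for database ports.

Added example, not code from the original posts. SAMPLE_RULES is
constructed to mirror the thread: an office /32, a VPC /16, a rule that
references the application tier's own security group, and a world-open
3306 rule. Addresses are RFC 5737/1918 documentation values.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Ports we care about when auditing; extend as needed.
DB_PORTS = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL"}


@dataclass(frozen=True)
class IngressRule:
    protocol: str                    # "tcp", "udp" or "-1" (all traffic)
    from_port: int
    to_port: int
    cidr: Optional[str] = None       # source CIDR, e.g. "203.0.113.10/32" ...
    source_sg: Optional[str] = None  # ... or a referenced security group id
    description: str = ""

    def covers_port(self, port: int) -> bool:
        if self.protocol == "-1":
            return True
        return self.protocol == "tcp" and self.from_port <= port <= self.to_port

    def covers_client(self, client_ip: Optional[str], client_sg: Optional[str]) -> bool:
        # CIDR rules match on the client's source address; group rules match
        # only if the client instance is a member of the referenced group.
        if self.cidr is not None:
            return (client_ip is not None and
                    ipaddress.ip_address(client_ip)
                    in ipaddress.ip_network(self.cidr, strict=False))
        return self.source_sg is not None and self.source_sg == client_sg


def allowed_by(rules: List[IngressRule], port: int,
               client_ip: Optional[str] = None,
               client_sg: Optional[str] = None) -> List[IngressRule]:
    """Return every rule that would admit this client to this port."""
    return [r for r in rules
            if r.covers_port(port) and r.covers_client(client_ip, client_sg)]


def is_world_open(rule: IngressRule) -> bool:
    """True for a 0.0.0.0/0 or ::/0 source."""
    if rule.cidr is None:
        return False
    return ipaddress.ip_network(rule.cidr, strict=False).prefixlen == 0


def audit(rules: List[IngressRule]) -> List[str]:
    """Flag rules that expose a database port more widely than intended."""
    findings = []
    for idx, rule in enumerate(rules):
        src = rule.cidr or rule.source_sg
        if rule.protocol == "-1":
            findings.append(f"rule {idx}: all traffic allowed from {src}; "
                            f"restrict to the ports you need")
            continue
        for port, name in DB_PORTS.items():
            if rule.covers_port(port) and is_world_open(rule):
                findings.append(f"rule {idx}: {name} port {port} reachable "
                                f"from the whole internet ({src})")
    return findings


# Constructed sample: the two RDS rules from the question, a group-to-group
# rule for the Spring tier, and the "just open up 3306" mistake.
SAMPLE_RULES = [
    IngressRule("tcp", 1433, 1433, cidr="203.0.113.10/32", description="Our Office IP"),
    IngressRule("tcp", 1433, 1433, cidr="10.20.0.0/16", description="Our AWS VPC (IPv4 CIDR)"),
    IngressRule("tcp", 3306, 3306, source_sg="sg-0123app", description="Spring app tier"),
    IngressRule("tcp", 3306, 3306, cidr="0.0.0.0/0", description="just opened up 3306"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("FINDING:", finding)
    hits = allowed_by(SAMPLE_RULES, 3306, client_ip="198.51.100.7")
    print("random internet host on 3306 admitted by:", [r.description for r in hits])
```

Dropping the world-open rule makes `allowed_by` return nothing for an arbitrary internet address on 3306 while the application tier, matched by its group id, still gets in; that is the "open 3306 only to the same security group" arrangement in practice.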
A client wants to open up their firewall to allow our app on their server to connect to our Azure SQL Server, by adding the IP address of the Azure SQL Server to their firewall.
Of course, on our side we add their static IP address to our Azure SQL Server's firewall to allow inbound access.
The part where they are requesting the IP address of our Azure SQL Server:
Please can you supply us the Public IP of this server in Azure as this IP you have given is a Private IP.
We restrict traffic to SQL server to only allow from approved IPs.
Can you furnish us with the External Server IP and the Ports the system uses so we can create Firewall rules for you.
How would I go about getting the IP address for the Azure SQL Server?
Could it be referring to this list: Gateway IP addresses
You are correct; the article describes connectivity from outside to Azure SQL Server
https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture#connectivity-from-outside-of-azure
and the range of IP addresses of the gateway that passes traffic from outside to Azure SQL Server
https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture#gateway-ip-addresses
As long as they are not blocking outgoing traffic in their firewall, you should be good to go without having the IP address of the SQL Server, right? You might need some ports to open up, though.
On-topic: you can download a file that contains the Azure IP Ranges and Service Tags for the public Azure cloud.
This file contains the IP address ranges for Public Azure as a whole, each Azure region within Public, and ranges for several Azure Services (Service Tags) such as Storage, SQL and AzureTrafficManager in Public. This file currently includes only IPv4 address ranges but a schema extension in the near future will enable us to support IPv6 address ranges as well. Service Tags are each expressed as one set of cloud-wide ranges and broken out by region within that cloud. This file is updated weekly. New ranges appearing in the file will not be used in Azure for at least one week.
As stated in the quote, the file is updated weekly, which could mean weekly updates are needed on their end.
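As an added example that is not part of the answer above, the Python below does what the client's firewall team would need to do with that weekly file: pull the address prefixes for the Sql service tag (cloud-wide or for one region), check whether the gateway address a connection actually lands on is covered, turn the prefixes into outbound allow-rules, and diff two downloads so a weekly refresh only produces the rule changes. The key names (`values`, `name`, `properties.addressPrefixes`) follow the published ServiceTags JSON schema; the two documents embedded here are constructed with RFC 5737 / RFC 3849 test prefixes, not real Azure addresses.

```python
"""Work with the Azure "IP Ranges and Service Tags" JSON on the client side.

Added example; not code from the answer or from Microsoft. The key names
(values / name / properties / addressPrefixes) follow the public
ServiceTags_Public_*.json schema. SAMPLE_DOC and SAMPLE_DOC_NEXT_WEEK are
constructed with RFC 5737 / RFC 3849 test prefixes so the example runs offline.
"""
import ipaddress
import json
from typing import List, Optional, Tuple

SAMPLE_DOC = json.dumps({
    "changeNumber": 100, "cloud": "Public",
    "values": [
        {"name": "Sql", "id": "Sql",
         "properties": {"region": "", "addressPrefixes": [
             "192.0.2.0/26", "198.51.100.0/28", "2001:db8:1::/64"]}},
        {"name": "Sql.WestEurope", "id": "Sql.WestEurope",
         "properties": {"region": "westeurope", "addressPrefixes": [
             "198.51.100.0/28"]}},
        {"name": "Storage", "id": "Storage",
         "properties": {"region": "", "addressPrefixes": ["203.0.113.0/24"]}},
    ],
})
# Constructed "next week" download: one Sql prefix added, one retired.
SAMPLE_DOC_NEXT_WEEK = json.dumps({
    "changeNumber": 101, "cloud": "Public",
    "values": [
        {"name": "Sql", "id": "Sql",
         "properties": {"region": "", "addressPrefixes": [
             "192.0.2.0/26", "192.0.2.128/25", "2001:db8:1::/64"]}},
    ],
})


def sql_prefixes(doc_text: str, region: Optional[str] = None,
                 ipv6: bool = False) -> List[str]:
    """Prefixes for the Sql tag (cloud-wide, or 'Sql.<Region>' when region
    is given). IPv6 prefixes are dropped unless requested; output is sorted
    by address family and network address so diffs are stable."""
    wanted = "Sql" if region is None else f"Sql.{region}"
    doc = json.loads(doc_text)
    for tag in doc["values"]:
        if tag["name"] == wanted:
            nets = [ipaddress.ip_network(p) for p in tag["properties"]["addressPrefixes"]]
            nets = [n for n in nets if ipv6 or n.version == 4]
            nets.sort(key=lambda n: (n.version, int(n.network_address), n.prefixlen))
            return [str(n) for n in nets]
    raise KeyError(f"service tag {wanted!r} not in file")


def covered_by(ip: str, prefixes: List[str]) -> bool:
    """Does this gateway address fall inside the tag's prefixes?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes
               if ipaddress.ip_network(p).version == addr.version)


def weekly_delta(old_doc: str, new_doc: str,
                 region: Optional[str] = None) -> Tuple[List[str], List[str]]:
    """(added, removed) prefixes between two downloads, for the change ticket."""
    old = set(sql_prefixes(old_doc, region))
    new = set(sql_prefixes(new_doc, region))
    return sorted(new - old), sorted(old - new)


def egress_rules(prefixes: List[str], port: int = 1433) -> List[str]:
    """Outbound allow-rules the client needs: their server -> SQL gateways.
    Rendered as generic text; translate to the client's firewall syntax."""
    return [f"allow tcp dst {p} dport {port}" for p in prefixes]


if __name__ == "__main__":
    current = sql_prefixes(SAMPLE_DOC)
    print("Sql (IPv4):", current)
    print("gateway 192.0.2.33 covered:", covered_by("192.0.2.33", current))
    added, removed = weekly_delta(SAMPLE_DOC, SAMPLE_DOC_NEXT_WEEK)
    print("this week: add", added, "remove", removed)
    for rule in egress_rules(current):
        print(rule)
```

Two points the prose above implies but a script makes concrete: the client only needs outbound rules (their server initiates the TCP connection to port 1433; the Azure SQL firewall on your side handles the inbound direction), and the note that new ranges are not used for at least a week means a diff run against each weekly download leaves a safe window to push the rule change before traffic starts landing on new gateways.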
Try to open PowerShell... run tnc {xxx-xxx-xxx}-sqlserver.database.windows.net -port 1433
I have tried to connect to a page which is hosted in an EC2 instance. It is showing a server timed out error, but the rest of my colleagues are able to connect to it.
I use a Mac laptop.
Things I did:
1. clearing cache
2. tried to change my network
3. tried in incognito mode
Nothing works. Thanks in advance
Things to normally check:
Confirm that the EC2 instance is running a web server (try to access it from somewhere else, or login to the instance and try curl localhost)
Confirm that the EC2 instance is in a public subnet (defined as the subnet having a Route Table entry that points to an Internet Gateway)
Confirm that the Security Group associated with the EC2 instance is permitting inbound access on port 80 (for HTTP) and possibly port 443 (for HTTPS)
Confirm that you are attempting to access the instance via a public IP address (not a private IP address) and that the public IP address is currently associated with the instance
Don't change default NACL rules
You mention "rest of my colleagues able to connect", but you don't mention from where they are accessing the instance. Quite clearly, something is different either with your computer or with the network that you are using. I would suggest you focus on:
The Security Group "inbound" rules, to confirm that they are not blocking access
Try to connect from a different network (eg home vs office vs tethered via your phone) to confirm that your network is not blocking access
If you are connecting from the same network as your colleagues, then the problem is on your computer. This is unlikely because the timeout normally indicates a lack of network connectivity (rather than software configuration).
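The point in the last line, that a timeout normally indicates a lack of network connectivity rather than software configuration, is the same distinction behind the earlier MySQL question, where 3306 was listening on 127.0.0.1 and telnet from outside failed. A timeout means nothing answered at all (a security group, NACL or upstream firewall dropped the SYN, the instance is not in a public subnet, or you used a private address that is not routable from where you are); a refusal means the host sent back a RST, so the path is fine but nothing is listening on that address and port, which is exactly what a service bound to 127.0.0.1 only looks like when you probe its other interface. As an added example that is not from either answer, here is a small Python equivalent of telnet or Test-NetConnection that reports which of those happened. The self-check opens and closes a loopback listener so it runs offline; the command-line form takes a real host and port.

```python
"""Classify why a TCP connect to host:port succeeded or failed.

Added example (not from the original answers): a telnet / Test-NetConnection
style probe that separates a silent drop (timeout) from an active refusal
(RST), because the two point at different causes.
"""
import errno
import socket
import sys
from typing import Tuple

EXPLANATION = {
    "open":        "TCP handshake completed; the port is reachable from here.",
    "timeout":     "No reply at all: a security group, NACL or upstream firewall is "
                   "dropping the SYN, the address is private/unrouted from here, or "
                   "the instance is not in a public subnet.",
    "refused":     "Host replied with RST: the path is fine but nothing listens on "
                   "that address:port (e.g. the service is bound to 127.0.0.1 only).",
    "unreachable": "Local routing says the network or host cannot be reached.",
    "dns-failure": "Name did not resolve; fix DNS before looking at firewalls.",
}


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Return one of the EXPLANATION keys, or 'error:<errno>' for anything else."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, sockaddr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
        return "open"
    except socket.timeout:             # SYN sent, nothing came back
        return "timeout"
    except ConnectionRefusedError:     # RST came back
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return f"error:{exc.errno}"
    finally:
        sock.close()


def diagnose(host: str, port: int, timeout: float = 3.0) -> Tuple[str, str]:
    """Probe and pair the result with a one-line interpretation."""
    status = probe(host, port, timeout)
    return status, EXPLANATION.get(status, "Unexpected socket error; see errno.")


def selfcheck() -> Tuple[str, str]:
    """Offline demonstration: probe a live loopback listener, then the same
    port once the listener is closed. Expected ('open', 'refused')."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe("127.0.0.1", port, 1.0)
    listener.close()
    after_close = probe("127.0.0.1", port, 1.0)
    return while_open, after_close


if __name__ == "__main__":
    if len(sys.argv) == 3:
        status, why = diagnose(sys.argv[1], int(sys.argv[2]))
        print(f"{sys.argv[1]}:{sys.argv[2]} -> {status}: {why}")
    else:
        print("selfcheck (expect open, refused):", selfcheck())
```

Run it once from your laptop and once from the instance itself against its own private address: "refused" from the instance plus "timeout" from outside means two separate problems (the bind address and the security group or route), while "open" from the instance and "timeout" from outside narrows it to the network path.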
I'm setting up Active Directory on Windows 2012 for user authentication in Windows 10. Server and client PCs are not in the same area, therefore it is a WAN connection.
For testing purposes, all firewalls are off. The server's public IP is 34.207.231.151 and it has a local IP 172.31.13.53. DNS on the server is active and correctly points the desired domain adir.school1.com to the local IP. Client PCs use the server's public IP as DNS, which works well because if I ping adir.school1.com, I get the server's local IP.
If I try to join the clients to the domain it says "Cannot contact an Active Directory Domain Controller in the domain". In the details it says that the DNS was successfully queried and it identified a domain controller, but it cannot contact the Domain Controller, which is expected, as it cannot connect to 172.31.13.53 outside the LAN. How do I configure my AD DS to be reachable outside the LAN?
It looks like it is about your network configuration. I drew a basic network configuration.
Also you can see a WAN network here. The gateway is very important at this point.
In order to use AD DS through a WAN, you do need a VPN. I could not use this solution, though, because the admins of the network did not want to open the required ports for VPN over the firewall.
The solution was to change the network configuration of the entire campus so our virtual server became part of the internal network (which is a bunch of LANs with gateways) and voilà! The AD DS was reachable from all other computers. Still not accessible outside the campus, but inside it works perfectly.
How can I connect to Azure DB from any IP that uses Azure,
without setting the range 0.0.0.0 - 255.255.255.255 in the firewall?
If by "connect to Azure DB from any IP that uses Azure" you mean any applications running in Azure, then it is possible to do so. In the portal where you configure firewall rules, simply turn on "Allow access to Azure services".
What this does is create a special firewall rule with start/end IP address 0.0.0.0. You will not see this firewall rule in the portal, though.
To do this programmatically, simply create a new firewall rule and set the start/end IP address to 0.0.0.0.
However, if your question is about any client IP address that connects to your database, then I would agree with @Aravind's comment above. You should not allow direct connections to your databases from anywhere, but only facilitate it via a proxy service/API layer as mentioned by him.