0

I've read through this answer but for the life of me, I can't figure out this one out.

I have an Ubuntu 18 EC2 instance running RStudio Server and RStudio Connect, both using default configuration and listening on ports 8787 and 3939 respectively.

Here are my config files:

ubuntu@EC2:~$ cat /etc/rstudio/rserver.conf
# Server Configuration File
#
#

ubuntu@EC2:~$ sudo cat /etc/rstudio-connect/rstudio-connect.gcfg
; RStudio Connect configuration file

[Server]
; SenderEmail is an email address used by RStudio Connect to send outbound
; email. The system will not be able to send administrative email until this
; setting is configured.
;   
; SenderEmail = account@company.com
SenderEmail = 

; Address is a public URL for this RStudio Connect server. Must be configured
; to enable features like including links to your content in emails. If
; Connect is deployed behind an HTTP proxy, this should be the URL for Connect
; in terms of that proxy.
;   
; Address = https://rstudio-connect.company.com
Address =

[HTTP]
; RStudio Connect will listen on this network address for HTTP connections.
Listen = :3939

[Authentication]
; Specifies the type of user authentication.
Provider = password

Here's what I've tried:

  1. Created inbound rules for ports 8787, 3939 and all TCP ports in my security group. security-group

  2. Checked the Network ACL for the subnet the instance is on network-acl

  3. Ensured that rstudio-server and rstudio-connect are running and listening on all interfaces and not just localhost

ubuntu@EC2:~$ netstat -ltpn
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8787            0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::8787                 :::*                    LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
tcp6       0      0 :::3939                 :::*                    LISTEN      -
  1. Checked that ufw is inactive
ubuntu@EC2:~$ sudo ufw status
Status: inactive
  1. Created an iptables rule for port 8787
ubuntu@EC2:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8787

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I still can't access port 8787 or 3939 externally. However I can access them both on the host using Lynx.

If I change RStudio Server's configuration to have it use port 80 instead, I can access it externally but it doesn't work for ports 8787 or 3939.

Any ideas why and how to fix this?

Vinayak
  • 1,103
  • 3
  • 18
  • 40

1 Answers1

1

I just figured out the answer myself. There was absolutely nothing wrong with my configuration. Opening up all the TCP ports in my security group was a bit overkill maybe and entirely unnecessary, so don't do that.

The issue was that the corporate network I am connected to blocks outbound traffic to external hosts on certain non-standard ports.

If you're in the same boat as me and need to host 2 services on the same EC2 instance but don't know which ports are unavailable/blocked by your organization then you could use nmap and portquiz.net to figure it out.

nmap is a port scanner and portquiz.net is a service that listens for connections on all TCP ports. You could scan the host using nmap over a range of TCP ports you're interested in using and see which ports show up as open

nmap -v -p0-8000 portquiz.net
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-02 16:47 IST
Initiating Ping Scan at 16:47
Scanning portquiz.net (5.196.70.86) [2 ports]
Completed Ping Scan at 16:47, 0.13s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:47
Completed Parallel DNS resolution of 1 host. at 16:47, 0.14s elapsed
Initiating Connect Scan at 16:47
Scanning portquiz.net (5.196.70.86) [8001 ports]
Discovered open port 22/tcp on 5.196.70.86
Discovered open port 80/tcp on 5.196.70.86
Discovered open port 443/tcp on 5.196.70.86
Discovered open port 21/tcp on 5.196.70.86
Discovered open port 4080/tcp on 5.196.70.86
Completed Connect Scan at 16:48, 84.98s elapsed (8001 total ports)
Nmap scan report for portquiz.net (5.196.70.86)
Host is up (0.13s latency).
rDNS record for 5.196.70.86: electron.positon.org
Not shown: 7996 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
4080/tcp open  lorica-in

Here, I have 4080 and 80 open so that means the corporate firewall isn't blocking outbound traffic to these ports. After configuring RStudio Server and RStudio Connect to listen on ports 80 and 4080 respectively, I'm now able to access both services externally.

Vinayak
  • 1,103
  • 3
  • 18
  • 40