EC2 instance will not allow connections to port from within instance after opening port on security group

NotGaeL asked:

I have an EC2 instance on a security group that allows ports 80, 443 and 22 (tcp, inbound from 0.0.0.0/0 and ::/0); and every outbound connection (to 0.0.0.0/0 & ::/0, all tcp & udp).

I’ve recently set up a mail server, so I’ve added port 25/tcp from 0.0.0.0/0 and ::/0 as well.

Now I can connect to my mail server from any external host using the public IP as expected, no issues there.

I can also connect from within the instance using localhost as hostname or 127.0.0.1 as IP.

But I am unable to connect to the instance on port 25 from within the instance using its public IP or hostname. I don’t get a connection refused or anything, just a timeout.

I do not have this issue with any of the other open ports in the instance; I can perfectly telnet to port 80, 443 or 22 using the public IP within the instance shell.

I’ve tried rebooting, stop/start, and even creating a new security group from scratch and switching the instance to it. Still the same result: external connections OK, internal connection using public IP fails only on that port.

iptables looks fine; I see no restrictions or permissions that would affect this port and not the others.

No firewall is enabled on this instance (Debian buster).

The mail server is Postfix (I do not know if that makes any difference. If it is in fact a Postfix config issue I am baffled that I cannot see anything on server logs and it is allowing every other connection source…)

My answer:


> But I am unable to connect to the instance on port 25 from within the instance using its public IP or hostname. I don’t get a connection refused or anything, just a timeout.

Amazon EC2 doesn’t allow outbound SMTP traffic from instances (unless you’ve applied for and received an exception for your account). This means you can’t reach your server’s SMTP server — or anyone else’s — by its public IP address.

If you need to connect to the local host, connect to localhost.
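The following check is an added example, not part of the original question or answer. It reproduces the symptom comparison described above by classifying each connect attempt as open, refused or timed out, then interpreting the pattern; the function names and verdict strings are assumptions made for this illustration.

```python
import errno
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, timeout or error:<errno>."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"   # SYN dropped silently somewhere on the path
    except ConnectionRefusedError:
        return "refused"   # a host or firewall answered with RST
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown")

def diagnose(loopback, public, port=25):
    """Interpret probe() results gathered on the instance itself.

    loopback / public map port -> result for 127.0.0.1 and the public IP.
    """
    if public.get(port) == "open":
        return "reachable"
    if loopback.get(port) != "open":
        return "not listening locally"
    others_open = any(r == "open" for p, r in public.items() if p != port)
    if public.get(port) == "timeout" and others_open:
        return "egress filtered for this port only"
    if public.get(port) == "refused":
        return "actively rejected: check bind address and REJECT rules"
    return "inconclusive"

if __name__ == "__main__":
    # Usage: python3 probe25.py <public-ip>  (run on the instance; script name is arbitrary)
    public_ip = sys.argv[1]
    ports = (22, 25, 80, 443)  # the ports opened in the question's security group
    loopback = {p: probe("127.0.0.1", p) for p in ports}
    public = {p: probe(public_ip, p) for p in ports}
    for p in ports:
        print(f"port {p}: loopback={loopback[p]} public={public[p]}")
    print("verdict:", diagnose(loopback, public))
```

A timeout on port 25 alone, with the service open on loopback and the other ports open via the public IP, matches the outbound SMTP restriction rather than a Postfix or iptables problem.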


View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.