SSH connection timed out via port forwarding, but not via direct access

Time:01-11

I am trying to port forward on an EC2 instance that has access rights on an RDS instance.

  • This grants me access to the VM that has the correct rights on the RDS instance, via ssh:
<my_user>@<my_local_machine>:~$ ssh ubuntu@ec2-<my_ip>.<my_region>.compute.amazonaws.com

# Connection successful,
ubuntu@ip-<my_ec2_private_ip>:~$ telnet <my_rds_database_endpoint>.<my_region>.rds.amazonaws.com 5432
Trying 10.0.30.11...
Connected to <my_rds_database_endpoint>.<my_region>.rds.amazonaws.com.
Escape character is '^]'.
Connection closed by foreign host.
  • Accessing the database is also OK from the VM I previously accessed:
psql -U <my_user> -h <my_rds_database_endpoint>.<my_region>.rds.amazonaws.com -d <my_database>
  • Performing port forwarding this way does not seem to work:
ssh -N ubuntu@ec2-<my_ip>.<my_region>.compute.amazonaws.com -L 5432:<my_rds_database_endpoint>.<my_region>.rds.amazonaws.com:5432

-> This runs successfully, but in my (dagster) process that attempts to connect to this instance, I get:

sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) connection to server at "<my_rds_database_endpoint>.<my_region>.rds.amazonaws.com:5432" (<my_rds_ip>), port 5432 failed: Connection timed out
    Is the server running on that host and accepting TCP/IP connections?

Here is a digest of testing the connectivity of my components: graphic representation of problem

Via nmap from my localhost:

nmap ec2-<my_ip>.eu-west-3.compute.amazonaws.com -PN -p 5432
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-10 10:33 CET
Nmap scan report for ec2-<my_ip>.eu-west-3.compute.amazonaws.com (<my_ip>)
Host is up.

PORT     STATE    SERVICE
5432/tcp filtered postgresql

nmap <my_rds_database_endpoint>.<my_region>.rds.amazonaws.com -PN -p 5432
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-10 10:33 CET
Nmap scan report for <my_rds_database_endpoint>.<my_region>.rds.amazonaws.com (<my_rds_ip>)
Host is up.

PORT     STATE    SERVICE
5432/tcp filtered postgresql

nmap localhost -PN -p 5432
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-10 10:34 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000070s latency).

PORT     STATE SERVICE
5432/tcp open  postgresql

I found this post with the same issue, but unfortunately no detailed solution.

What am I missing?

CodePudding user response:

Having created a tunnel, you then have to use it. According to the error message, you are still trying to connect to the rds instance directly. You need to point your database client at your end of the tunnel, with something like psql -h localhost -U <my_user> -d <my_database>. The tunneling software then makes that pop out the other end and connect to the desired endpoint.
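
The fix described in the answer above, applied to the kind of SQLAlchemy URL the dagster process uses, as an added example that is not part of the original answer. The helper names and the sample URL are constructed for illustration; the `verify_tls` option goes one step beyond the answer by keeping the RDS hostname for certificate checking while libpq's `hostaddr` parameter sends the traffic into the tunnel.

```python
import socket
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode


def tunnel_listening(port, host="127.0.0.1", timeout=1.0):
    """Return True if the local end of the ssh -L tunnel accepts TCP connections."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def via_tunnel(db_url, local_port=5432, verify_tls=False):
    """Rewrite a database URL so the client connects to the local tunnel end.

    verify_tls=False: replace the host with 127.0.0.1 (what the answer describes).
    verify_tls=True:  keep the remote hostname so sslmode=verify-full can match it
                      against the server certificate, and route the TCP connection
                      through the tunnel with hostaddr. libpq also needs the CA
                      bundle (sslrootcert) for verify-full to succeed.
    """
    parts = urlsplit(db_url)
    userinfo = parts.netloc.rpartition("@")[0]  # "user" or "user:password"
    query = dict(parse_qsl(parts.query))
    if verify_tls:
        host = parts.hostname
        query["hostaddr"] = "127.0.0.1"
        query["sslmode"] = "verify-full"
    else:
        host = "127.0.0.1"
    netloc = f"{host}:{local_port}"
    if userinfo:
        netloc = f"{userinfo}@{netloc}"
    return urlunsplit(
        (parts.scheme, netloc, parts.path, urlencode(query), parts.fragment)
    )


if __name__ == "__main__":
    # Constructed sample URL; substitute the real RDS endpoint and credentials.
    remote = "postgresql+psycopg2://app_user@db.example.internal:5432/appdb"
    print(via_tunnel(remote))
    print(via_tunnel(remote, verify_tls=True))
    if not tunnel_listening(5432):
        print("nothing is listening on 127.0.0.1:5432; is the ssh -L tunnel running?")
```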
