Assume that I want to listen on a non-common port (9090 for example) 24/7 and send data on another non-common port (8980 for example).

Is that possible in an Amazon EC2 instance? (Windows 2003 or 2008)

Note: I have done some searching and I have found that if I want to do so, then I have to open ALL ports, which does seem wrong to me.

+4  A: 

Yes, it is possible.

There is nothing special about the environment that would prevent you from doing so. That said, you will have to modify the security group(s) for the instances so as to allow this communication. And ensure any instance-level firewalling allows this communication also.

You should not have to open all ports, that is for sure! Where did you get that from?

Stu Thompson
"Where did you get that from?": I think I've read it in some unofficial context like a blog. Thanks for your answer. I did not know if it is possible to do so, or if Amazon is managing all security issues by their infrastructure, including firewalls and the rest.
Kaveh Shahbazian
A: 

It's definitely possible, but note that EC2 does not offer Windows 2008 yet - just Windows 2003.

EC2 itself has an inbound firewall which is controlled by the Security Groups you've set up for your account. EC2 instances might be running a software firewall, which can control both inbound and outbound traffic. The most common software firewall is iptables - if it's running then you'll likely need to configure it to allow both ports to pass through (one inbound, the other outbound).

In any case you'd need to set up your security group to allow access to the listen port, either from the entire internet (CIDR 0.0.0.0/0) or a sub-network range. You can do this from the AWS Management Console web interface.

Then, on the instance itself, you'd forward the traffic anywhere you want. Use whatever software you want to perform this forwarding.

Shlomo Swidler
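Both answers make the same point: open only the listen port in the security group (from the whole internet or a narrower CIDR range), and leave everything else closed. The script below is an added example, not code from either answer or from Amazon. It builds the two rules from the question (inbound TCP 9090, outbound TCP 8980) in the `IpPermissions` shape that boto3's real `authorize_security_group_ingress` / `authorize_security_group_egress` calls accept, and includes a small reviewer that flags the "open all ports" shape the asker had been told to use. The `review_rule`, `plan_rules` and `apply` names, and the `203.0.113.0/24` peer range (a documentation-only network), are constructed for this example.

```python
"""Plan least-privilege EC2 security-group rules for one custom listener.

Added example; not the original posters' code. Assumes the boto3 IpPermission
dict shape (real SDK). Ports come from the question; the CIDR defaults are
constructed sample values.
"""
import ipaddress
from typing import Dict, List, Optional

LISTEN_PORT = 9090   # inbound listener port from the question
SEND_PORT = 8980     # outbound destination port from the question


def build_permission(port: int, cidr: str, description: str) -> Dict:
    """Return one IpPermission entry allowing a single TCP port to/from `cidr`.

    Validation is strict so a typo cannot silently widen the rule: the port must
    be a real TCP port and the CIDR must be a network (no host bits set).
    """
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    network = ipaddress.ip_network(cidr, strict=True)  # "10.0.0.5/24" is rejected
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": str(network), "Description": description}],
    }


def review_rule(permission: Dict) -> List[str]:
    """Return findings that make a rule wider than a single-port rule needs to be.

    An empty list means the rule is as narrow as the question requires. A whole-
    internet source is reported as a finding so it is a conscious choice, as in
    the second answer, rather than an accident.
    """
    findings = []
    proto = permission.get("IpProtocol")
    if proto == "-1":
        findings.append("all protocols (-1) instead of tcp")
    lo, hi = permission.get("FromPort"), permission.get("ToPort")
    if proto != "-1" and lo is not None and hi is not None and hi > lo:
        findings.append(f"port range {lo}-{hi} instead of a single port")
    for r in permission.get("IpRanges", []):
        if ipaddress.ip_network(r["CidrIp"]).prefixlen == 0:
            findings.append(f"{r['CidrIp']} allows the whole internet")
    return findings


def plan_rules(client_cidr: str = "0.0.0.0/0",
               peer_cidr: str = "203.0.113.0/24") -> Dict[str, List[Dict]]:
    """Ingress: only the listener port from client_cidr. Egress: only the send
    port to peer_cidr. Nothing else is opened."""
    return {
        "ingress": [build_permission(LISTEN_PORT, client_cidr, "custom listener")],
        "egress": [build_permission(SEND_PORT, peer_cidr, "outbound data channel")],
    }


def apply(group_id: str, plan: Dict[str, List[Dict]],
          region_name: Optional[str] = None) -> None:
    """Push the plan to a security group. boto3 is imported here so planning and
    review stay usable offline; egress rules exist only for VPC security groups,
    and the default VPC egress rule already allows all outbound traffic."""
    import boto3  # real SDK; needs credentials and network access
    ec2 = boto3.client("ec2", region_name=region_name)
    ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=plan["ingress"])
    if plan["egress"]:
        ec2.authorize_security_group_egress(GroupId=group_id, IpPermissions=plan["egress"])


if __name__ == "__main__":
    plan = plan_rules()
    for direction, rules in plan.items():
        for rule in rules:
            print(direction, rule, "findings:", review_rule(rule))
    # The shape the asker was told to use: every TCP port, from everywhere.
    everything = {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
    print("all-ports rule findings:", review_rule(everything))
```

The instance-level firewall the first answer mentions still has to permit the same two ports; security groups and the guest firewall are evaluated independently, so a rule in only one of them is not enough.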