4

I’m using Windows Server on AWS and need to open various ports for the REST server, remote debugger, and so on. I’ve configured them in the three places I’m aware of:

  • Windows Firewall
  • AWS Security Group
  • AWS Lightsail Inbound Rules

I’ve set the ports in all three, but they’re still not open. What might I have forgotten or done wrong?

I am still not sure whether I need both the Security Group and Lightsail Inbound Rules. I am hoping that they are not interacting with each other.

REST

I got the REST Server working. Foolishly I thought that setting the inbound rule in Windows, bound to an application would be safest. But it doesn't work.

DEBUGGER

I cant get the Delphi remote debugger (PAServer) working. It needs port 64211. What have I stuffed up or forgotten.

Lightsail Inbound Rule (tied to my IP address)

enter image description here

Security Group (tied to my IP address)

enter image description here

Windows Firewall

enter image description here

Error at Client in the Delphi IDE, setting up Connection Profile Manager

Connection to 'host-name' on port 64211 failed. Please make sure that 'Platform AssistantServer' is running on the host machine and is configured to use port 64211

I have tried both 'static-ip' and 'host-name'. The hostname works for the REST server and the website. The Server is running and using this port. I have tested with no password at both ends, and with a password at both ends.

To show the server side is running

Platform Assistant Server Version 14.2.14.0
Copyright (c) 2009-2024 Embarcadero Technologies, Inc.

Connection Profile password :

Starting Platform Assistant Server on port 64211

Rohit Gupta
  • 604

3 Answers3

4

Did you actually try to have something connecting to your open ports? Because if you didn’t, then an actually ‘open’ port will come up as ‘closed’ on the port scan. Yeah, it’s a rookie mistake, but I think most of us got caught by it at least once in our network lives.

El Marinero
  • 709
0

REST

I got the REST Server working. Foolishly I thought that setting the inbound rule in Windows, bound to an application would be safest. But it doesn't work. I changed it to normal port number rule.

DEBUGGER

  • There was a typo in my Windows firewall with port number - correcting that still did not work.
  • I discovered that PAServer uses 64212 as an alternate, so I added that anyway. It still did not work.
  • The trick was that I found that PAServer launches rmtdbg290.exe. So I added both as program rules (for any port) in Windows Firewall. The AWS rules are still protecting me by restricting only ports 64211 and 64212 and to my IP address.
Rohit Gupta
  • 604
-1

If this was a normal EC2 instance running in AWS, you'd look at the Network --> Security Groups, and created an incoming rule to allow this connection from your source IP of 101.whatever, to the destination port 64211/tcp.

But you're also mentioning AWS Lightsail which seems to be an extra-low cost VPS for resellers, and not a full-fat EC2 virtual. Which is it ?

Criggie
  • 2,328
  • 15
  • 27