When deploying an applications on a Linux Virtual Machine (VM) in CloudPe, ensuring that the required ports are open and listening is crucial for making your services accessible from the internet. Even after configuring the network firewall (security group), you may find that your application is still not reachable.
This knowledge base article walks you through step-by-step troubleshooting to determine if a port is in a listening state and accessible.
Why It’s Important to Check Port Listening State
Even though CloudPe Default Security Group sets all inbound and outbound rules to allow by default, your application may still be inaccessible due to:
- The application not listening on the expected port.
- The application bound only to
127.0.0.1instead of0.0.0.0. - The OS-level (software) firewall blocking the port.
🛠Step-by-Step Troubleshooting Guide
Step 1: Check if the Application is Listening on the Port
Use the following command to check if the application is actively listening:
# sudo netstat -tulnp | grep 3000
# sudo ss -tuln | grep 3000
What to look for:
0.0.0.0:3000➜ App is listening on all interfaces (including public IP).127.0.0.1:3000➜ App is listening only on localhost (NOT accessible externally).
Step 2: Change Application Binding (If Needed)
If the application is bound to 127.0.0.1, change it to bind to 0.0.0.0.
Example for Node.js:
app.listen(3000, '0.0.0.0', () => {
console.log("App running on port 3000");
});Then restart your application.
Step 3: Check OS-Level Firewall Status
Depending on your VM’s Linux distribution, check if the OS-level firewall is active.
For Ubuntu/Debian (UFW):
# sudo ufw status
For CentOS/RHEL/AlmaLinux (firewalld):
# sudo firewall-cmd --state
Step 4: Allow the Port in OS Firewall
If the firewall is active, allow the required port.
For UFW:
# sudo ufw allow 3000/tcp
For Firewalld:
# sudo firewall-cmd --permanent --add-port=3000/tcp
# sudo firewall-cmd --reload
Step 5: Test External Connectivity
From your local Linux machine, test if the port is accessible using telnet or curl.
Telnet:
# telnet <Your-VM-Public-IP> 3000
Curl (for web services):
# curl http://<Your-VM-Public-IP>:3000
Success/Connected means the port is open and your application is accessible.
Summary
Here’s a quick checklist to debug port accessibility in CloudPe:
| Step | Description |
|---|---|
| 1 | Verify application is listening (netstat or ss) |
| 2 | Change binding from 127.0.0.1 to 0.0.0.0 if needed |
| 3 | Check OS firewall status (UFW/firewalld) |
| 4 | Allow port in OS firewall |
| 5 | Verify externally via telnet or curl |
Following this guide ensures your application is properly configured for public access in CloudPe.