Issue
I want to only ALLOW ssh and port 8000 connection on my EC2 machine in AWS.
I set my inbound and outbound connection to ALLOW port 22 and 8000 (see pictures below).
Inbound:
Outbound:
But When I try to curl/SSH into the machine it does not works, unless I set ALL_TCP port to be opened on the outbound connection (like in the picture below).
Of course, I can open the ALL TCP Port but I do this for the sake of experimenting with the NACL.
Why?
Solution
This is due to ephemeral ports:
To enable the connection to a service running on an instance, the associated network ACL must allow both inbound traffic on the port that the service is listening on as well as allow outbound traffic from ephemeral ports. When a client connects to a server, a random port from the ephemeral port range (1024-65535) becomes the client's source port.
Reference : https://aws.amazon.com/premiumsupport/knowledge-center/resolve-connection-sg-acl-inbound/
Answered By - AWS PS