EC2 automatically adding DENY All Traffic rule in Network ACL (Unable to edit the rule)


My website (korrade.com) always shows a "Connection Timed Out" error, even though in my security group port 80 is shown open, and SSH works fine over port 22 (no issues). I have only ALLOW rules in my security group.

Upon debugging, I found these Network ACL rules, one of which seems strange, as it's getting automatically added by AWS.

[Screenshot: NACL rules]

I believe the inclusion of this rule is causing the website to not open. Or I think something else serious is there. As of now, these are the observations from my side:

  1. I have a Security Group configured, with only ALLOW rules
  2. /sbin/iptables -L (showing nothing)
  3. Telnet to port 80 says CLOSED
  4. Firewall status: not loaded

Please help, anyone... Much appreciated!

After editing the NACL & SG:

[Screenshot: Security Group screen]

[Screenshot: SSH over WinSCP]


There is 1 answer

John Rotenstein (score 8):

The * rule in a Network Access Control List (NACL) is a catch-all for any packets that do not meet any of the numbered rules.

The NACL in your picture will Allow any HTTP and SSH traffic. All other traffic will be Denied.

Security Groups default to Deny all inbound traffic and Allow all outbound traffic. You should then typically add rules to the Inbound traffic based upon the needs of your application and server.

NACLs default to Allow all inbound & outbound traffic. Traditionally, there is no need to edit a NACL because the Security Group is more appropriate. However, a NACL is Stateless, which means you need to specifically permit traffic in both directions -- inbound and outbound.

I would recommend:

  • Unless you have a good reason, reset your NACLs to default (100, All traffic, Allow) for both Inbound and Outbound
  • Try connecting to web server via its Public IP address rather than DNS Name (to test connectivity)

If problems persist, you can Edit your question to show your Security Group settings.
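The rule evaluation the answer describes (lowest-numbered match wins, the uneditable `*` entry is the implicit catch-all deny, and a stateless NACL needs an outbound rule for the reply half of every inbound flow) can be modelled in a few lines. The following is an added example, not part of the question or of John Rotenstein's answer and not AWS code; the rule sets `RESTRICTIVE_INBOUND`, `RESTRICTIVE_OUTBOUND`, `FIXED_OUTBOUND` and the client address `203.0.113.5` are constructed for illustration and are not the asker's actual NACL, whose outbound rules are not visible on the page.

```python
"""Model of AWS Network ACL packet evaluation (added example, not AWS code).

Semantics modelled: rules are tried in ascending rule-number order, the first
match decides, and a packet matching no numbered rule hits the implicit
'*' DENY entry that the console shows but does not let you edit.  Because a
NACL is stateless, the reply to an inbound HTTP request is an OUTBOUND packet
to the client's ephemeral port and needs its own outbound rule.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    rule_number: int   # 1..32766; the '*' catch-all is implicit, not an Entry
    protocol: str      # 'tcp', 'udp', 'icmp', or '-1' meaning all protocols
    port_from: int     # port range applies to the DESTINATION port
    port_to: int
    cidr: str
    action: str        # 'allow' or 'deny'


def evaluate(entries, protocol, dst_port, addr):
    """Return (action, rule_number) for one packet in one direction.

    addr is the remote address (source for inbound, destination for outbound).
    A no-match result is ('deny', '*'), the implicit catch-all rule.
    """
    ip = ipaddress.ip_address(addr)
    for e in sorted(entries, key=lambda e: e.rule_number):
        if e.protocol != "-1" and e.protocol != protocol:
            continue
        if e.protocol in ("tcp", "udp") and not (e.port_from <= dst_port <= e.port_to):
            continue
        if ip not in ipaddress.ip_network(e.cidr):
            continue
        return e.action, e.rule_number
    return "deny", "*"


def http_flow_allowed(inbound, outbound, client_ip, client_port):
    """Check both halves of an HTTP exchange, as a stateless NACL must.

    Request: inbound, dst port 80.  Reply: outbound, dst port = the client's
    ephemeral port.  Returns (ok, request_decision, reply_decision).
    """
    request = evaluate(inbound, "tcp", 80, client_ip)
    reply = evaluate(outbound, "tcp", client_port, client_ip)
    return request[0] == "allow" and reply[0] == "allow", request, reply


# --- Constructed rule sets (illustrative, not the asker's actual NACL) ---

# Inbound roughly as the answer describes the screenshot: HTTP and SSH allowed,
# everything else falling through to '*'.
RESTRICTIVE_INBOUND = [
    Entry(100, "tcp", 80, 80, "0.0.0.0/0", "allow"),
    Entry(110, "tcp", 22, 22, "0.0.0.0/0", "allow"),
]
# An outbound set that forgets the ephemeral-port range: replies never leave.
RESTRICTIVE_OUTBOUND = [
    Entry(100, "tcp", 80, 80, "0.0.0.0/0", "allow"),
]
# Same outbound set with the ephemeral range (1024-65535) added: replies flow.
FIXED_OUTBOUND = RESTRICTIVE_OUTBOUND + [
    Entry(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),
]
# The AWS default NACL: rule 100 allows all traffic in both directions.
DEFAULT_RULES = [Entry(100, "-1", 0, 65535, "0.0.0.0/0", "allow")]


if __name__ == "__main__":
    client = "203.0.113.5"  # constructed client address (documentation range)
    for label, inb, out in [
        ("restrictive", RESTRICTIVE_INBOUND, RESTRICTIVE_OUTBOUND),
        ("fixed", RESTRICTIVE_INBOUND, FIXED_OUTBOUND),
        ("default", DEFAULT_RULES, DEFAULT_RULES),
    ]:
        ok, req, rep = http_flow_allowed(inb, out, client, 51234)
        print(f"{label:12s} request={req} reply={rep} -> {'works' if ok else 'timeout'}")
```

The "restrictive" case reproduces the symptom in the question: the SYN is allowed inbound by rule 100, but the SYN-ACK going back to the browser's ephemeral port matches no outbound rule and hits `*`, so the client sees a timeout while the security group looks correct. Resetting both directions to the default rule 100 allow-all, as the answer recommends, or adding the ephemeral range outbound, makes the flow complete.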