Oracle Cloud: No route to host

While browsing the internet during the holiday period I stumbled across Oracle Cloud (OCI), which comes with a rather generous free tier. This seemed liked a good offer for experimenting, particularly as it comes with 24 GB of usable memory/4 cores for ARM-based VMs in the smallest tier.

However, after setting up my VM instance using Oracle’s Ubuntu image, configuring the ufw firewall to allow connections on port 80/443 and also configuring what Oracle calls a Security List to accept incoming connections on these ports, I still couldn’t get any response from my nginx web server. HTTP requests send via curl would fail with “No route to host”:

$ curl
curl: (7) Failed to connect to port 80: No route to host

Took me a while to figure out Oracle’s instances come with preconfigured and rather restrictive iptables rules. This is something I hadn’t seen elsewhere before.

So here’s what I did to fix things:

  1. Removed iptables-persistent with sudo apt remove iptables-persistent
  2. Disabled ufw with sudo ufw disable (this will remove iptables rules previously created by ufw)
  3. Delete all existing iptables rules with sudo iptables -F
  4. List current iptables rules with sudo iptables -L -n -v to make sure the previous step was successful. All chains should show ACCEPT policies.
  5. Enabled ufw again with sudo ufw enable (ufw will now add it’s own iptables rules again)

In combination with my Security List’s Ingress rules I was now able to send HTTP requests to my Ubuntu VM hosted on Oracle’s Cloud:

Successful curl request
Successful nginx request
Also success, but this time as seen through the browser