Background
Oracle cloud is giving out always free instance/db/warehouse, so I decided to give a try for potential use of our church website.
Application
Applying a new account take a while, unlike AWS you can use it immediately after creation, this one seems to take some manual check so after 2 days of review, the account was approved.
New Instance
The UI is fine given it is a new play here. I went ahead and created an instance with Ubuntu 18.x image. By couple of clicks, the instance along with a new virtual cloud network which I guess is vpc equivalent as well as new route-table/internet-gateway/Security-List(NACL)/public-subnet. So after ssh into the box and installed the necessary stuff(fish/nvim/tmux etc), I put nginx there and started it at the default port 80.
Network Security Group
I was getting timeout on 80, which is sort of expected, so I was trying to find the SG equivalent which is NSG(Network security group) here and created a new rule to allow ingress port 80. Do nc -vz IpAddress 80 again, now I get connection refused. So I went to the nginx log and see no access there. Something must be blocking the traffic on the instance/network level.
More troubleshoot
First thing came to mind was the Network-List which is the NACL in aws, double-checked that nothing is explicitly blocking ports there. The next thing is ufw in ubuntu so after running ufw status, I can confirm that it is inactive.
Real cause: iptables
Final turn is to check iptables setting, the config file is on /etc/iptables/rules.v4, or use sudo iptables --list --line-numbers to view details. Turns out there are some Reject on the CHAIN INPUT, which is the cause of rejection.
One way to correct is comment out the REJECT lines inside the rules.v4 file. Then use iptables-restore < /etc/iptables/rules.v4 to reload the rule. We can also do sudo iptables -D INPUT LineNunber to remove the related reject.
Another brutal way is to just do iptables -F to flush all the rule.
