Cannot connect to other instances within an AWS LAN

0 votes
1 answer
77 views
My client installed several AWS instances, all in the same region/datacenter. My task is to install a Redis and a PostgreSQL instance on one of the machines and make the data store/database accessible from another box. The database server has LAN IP 172.26.14.232 and the server running the db client has IP 172.26.0.215.

Postgres is up and running on the database server; I checked this using netstat:

    [ubuntu@ip-172-26-14-232 DATABA ~]$ sudo netstat -tulpn | grep postgre
    tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      4539/postgres

When I try to connect from the client box, I get a "connection refused", as if there were a firewall blocking the access; netcat confirms this:

    [ubuntu@ip-172-26-0-215 GATE01 ~]$ sudo psql "sslmode=require" --host 172.26.14.232 --user=postgres --password
    Password for user postgres:
    psql: could not connect to server: Connection refused
            Is the server running on host "172.26.14.232" and accepting TCP/IP connections on port 5432?
    [ubuntu@ip-172-26-0-215 GATE01 ~]$ nc -vz 172.26.14.232 5432
    nc: connect to 172.26.14.232 port 5432 (tcp) failed: Connection refused

As far as I can see there is just one port to which I can connect using nc:

    [ubuntu@ip-172-26-0-215 GATE01 ~]$ nc -vz 172.26.14.232 22
    Connection to 172.26.14.232 22 port [tcp/ssh] succeeded!

My client says he removed all firewall rules, but then I do not understand the result given above. Somewhere I have read that AWS blocks outbound traffic in such networks, but I cannot check this myself since I have no access to the management console.

Bonus question ;-) Found the following on this site:

> netcat -vzw 15 domain.com 21
>
> If successful, you'll see:
>
> Connection to domain.com 21 port [tcp/ftp] succeeded!
>
> If the port connection is blocked or rejected, you'll see:
>
> nc: connect to domain port 21 (tcp) failed: Connection refused

The author possibly makes a difference between "blocked" and "rejected", whereby I assume that, in the latter case, it is meant that there is a fw rule "DENY" installed for this port, but I have no clue what he means by "blocked". Is there a second technical possibility or does he just use "blocked" and "rejected" synonymously?

EDIT:
-----

Astonishingly, it is possible to set up a client-server connection using nc (after shutting down the db):

    [ubuntu@ip-172-26-14-232 DATABA ~]$ nc -l 5432

    [ubuntu@ip-172-26-0-215 GATE01 ~]$ nc 172.26.14.232 5432
    hello

And on 172.26.14.232 we get:

    hello
Asked by Bloehdian (1 rep)
Jun 28, 2022, 01:04 PM
Last activity: Jun 28, 2022, 06:25 PM
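The two things the post is really asking about, as an added example that is not part of the question or its answer: first, reading a `netstat -tulpn` listing to tell whether a TCP port is bound to all interfaces (`0.0.0.0` / `::`) or only to loopback (`127.0.0.1` / `::1`), since a loopback-only socket is unreachable from any other host regardless of firewall state; second, the difference between netcat's "Connection refused" (a TCP RST came back, so the host is reachable and either nothing is bound on that address or a REJECT-style rule answered) and a silent timeout (packets dropped by a DROP rule, a security group or routing). The netstat sample below is constructed; its `postgres` line mirrors the one in the question, the `sshd` and `redis-server` lines are invented for illustration. The function names `bind_scope` and `classify_nc` are my own.

```shell
#!/usr/bin/env bash
# Added diagnostic helpers (not from the question or its answer).
#  bind_scope  PORT [LISTING]  -> all-interfaces | loopback-only | specific-address | not-listening
#  classify_nc "NC OUTPUT"     -> open | refused | filtered | unknown

# Constructed sample of `sudo netstat -tulpn` output. Only the postgres line is
# taken from the question; the other rows are invented for illustration.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      4539/postgres
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      4601/redis-server'

# Walk every LISTEN row for the requested port and summarise where it is bound.
# A wildcard bind wins over a specific address, which wins over loopback-only.
bind_scope() {
  local port="$1" listing="${2:-$SAMPLE_NETSTAT}"
  local line addr ip p saw_any=0 saw_lo=0 saw_specific=0
  while IFS= read -r line; do
    # shellcheck disable=SC2086  # word-splitting the row into columns is intended
    set -- $line
    [ "$1" = tcp ] || [ "$1" = tcp6 ] || continue   # skip header and udp rows
    [ "$6" = LISTEN ] || continue
    addr=$4
    p=${addr##*:}      # text after the last colon is the port
    ip=${addr%:*}      # everything before it is the address (":::22" -> "::")
    [ "$p" = "$port" ] || continue
    case $ip in
      0.0.0.0|::|'*') saw_any=1 ;;        # reachable on every interface
      127.*|::1)      saw_lo=1 ;;         # reachable from this host only
      *)              saw_specific=1 ;;   # bound to one address, e.g. a LAN IP
    esac
  done <<EOF
$listing
EOF
  if   [ "$saw_any" -eq 1 ];      then echo all-interfaces
  elif [ "$saw_specific" -eq 1 ]; then echo specific-address
  elif [ "$saw_lo" -eq 1 ];       then echo loopback-only
  else                                 echo not-listening
  fi
}

# Translate what nc printed into what happened on the wire.
classify_nc() {
  case $1 in
    *succeeded*)                         echo open ;;      # SYN/ACK: a listener answered
    *"Connection refused"*)              echo refused ;;   # RST: host reachable, port closed
                                                           # (or a REJECT rule answered for it)
    *"timed out"*|*"No route to host"*)  echo filtered ;;  # silence: DROP rule, SG, or routing
    *)                                   echo unknown ;;
  esac
}

# Stand-alone demo over the constructed sample and the messages from the post.
for port in 5432 22 6379 443; do
  printf 'port %-5s bound: %s\n' "$port" "$(bind_scope "$port")"
done
printf 'nc 5432: %s\n' "$(classify_nc 'nc: connect to 172.26.14.232 port 5432 (tcp) failed: Connection refused')"
printf 'nc 22:   %s\n' "$(classify_nc 'Connection to 172.26.14.232 22 port [tcp/ssh] succeeded!')"
```

Run it against a live machine with `bind_scope 5432 "$(sudo netstat -tulpn)"` (or the equivalent `ss -tlnp` output after adjusting the column positions). A `loopback-only` result for a port that is refused from the LAN means the firewall is not the first thing to look at; a `filtered` result from `classify_nc`, by contrast, points at a DROP rule or security group rather than at the service binding.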