curl 7 Failed to connect to 192.168.99.100 port 31591 Connection refused
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
curl: (7) Failed to connect ... Connection refused means the target IP was reachable, but nothing accepted the TCP connection on that port. With an address like 192.168.99.100, the issue often shows up in local VM or Kubernetes setups, where the service, NodePort, or port exposure no longer matches what the client expects.
What "Connection Refused" Actually Means
This error is different from a timeout. A timeout suggests packets disappeared or were filtered. A refusal means the host answered quickly and said, in effect, "no listener is accepting connections on that port."
That narrows the problem to a few likely causes:
- the process is not running
- the service is listening on a different port
- the application is bound only to loopback
- the container or Kubernetes service is not exposing the port correctly
Check The Listener First
If you can reach the host that owns the IP, verify whether anything is actually listening:
If nothing is listening on 31591, curl is doing exactly what it should. Fix the service before doing deeper network debugging.
Also test locally on that host:
If loopback works but the host IP does not, the service may be bound only to 127.0.0.1 instead of 0.0.0.0.
If This Is Docker, Check Port Publishing
For containers, it is common to forget the host-to-container port mapping:
If the application listens on port 3000 inside the container but Docker never published it to 31591 on the host, the host-side curl will fail.
A correct run command might look like:
Without that mapping, the container may be healthy while the host port stays closed.
If This Is Kubernetes, Check The Service And Endpoints
The address 192.168.99.100 is commonly associated with local cluster tools such as older Minikube VM setups. In that case, inspect the service:
If the service has no endpoints, the selector probably does not match the pods. If the NodePort is not actually 31591, the client is hitting the wrong port.
It is also worth verifying the current cluster IP:
If the VM IP changed after a restart, a previously working hard-coded address can become stale.
Prefer Narrow, Repeatable Tests
Use several simple probes instead of guessing:
If port-forward works but the NodePort does not, the application is probably fine and the issue is with cluster exposure, NodePort mapping, or local VM networking.
That comparison saves time because it separates application failure from routing and exposure failure.
Common Pitfalls
One common mistake is assuming "connection refused" means DNS trouble. DNS was already bypassed or succeeded by the time the refusal happened.
Another issue is debugging firewalls first even though the port is simply not listening anywhere.
A third problem is hard-coding a local cluster IP such as 192.168.99.100 and forgetting that the VM or cluster network can change after restarts.
Finally, in Kubernetes setups, developers often inspect pods but forget the service selector and endpoint objects, which are usually where NodePort exposure problems become obvious.
Summary
- '
curlerror 7 with "connection refused" usually means the host is reachable but no process is accepting that port.' - Verify the listener before investigating broader network causes.
- In Docker, confirm the host-to-container port publishing.
- In Kubernetes, check the service, NodePort, endpoints, and current cluster IP.
- Compare direct access with
kubectl port-forwardor local tests to isolate where the connection path breaks.

