
AWS vpc access the Internet from public subnet

I configured a public subnet on my VPC and added some Security Groups and NACL rules... I noticed that when I set these rules on the NACL in the inbound section:

100 SSH (22) TCP (6) 22 0.0.0.0/0 ALLOW
200 HTTP (80) TCP (6) 80 0.0.0.0/0 ALLOW
300 HTTPS (443) TCP (6) 443 0.0.0.0/0 ALLOW

I didn't get access to the internet!!! :( :(

unless I added this rule in the inbound section: 400 ALLTraffic ALL ALL 0.0.0.0/0 ALLOW

(after adding this rule, I succeeded in getting internet access by running "yum update", for example...)

Is it really necessary, or did I configure something wrong?

  • Security Groups are stateful and automatically allow return traffic.
  • Network ACLs are stateless and require you to provide inbound rules.

This is why you could get access to the internet once you added the 400 ALLOW Network ACL rule.

Depending on your requirements, you may not need Network ACLs at all, instead relying on the Security Groups alone.
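The stateless evaluation this answer describes, as an added example that is not part of the original post and is not AWS code: a small Python model of an inbound Network ACL (ordered rules, first match wins, implicit deny). It shows why the three SSH/HTTP/HTTPS inbound rules block the reply half of an outbound "yum update" session, and that a rule for the ephemeral port range is a narrower fix than "400 ALL traffic". Rule numbers, the sample IPs and ports, and the 1024-65535 ephemeral range are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int
    proto: str      # "tcp", "udp", "icmp" or "all"
    port_lo: int    # destination port range (inclusive); ignored for "all"
    port_hi: int
    cidr: str       # source CIDR for inbound rules
    action: str     # "ALLOW" or "DENY"

def nacl_allows(rules, proto, dst_port, src_ip):
    """Evaluate like an AWS NACL: lowest rule number first, first match wins,
    implicit deny if nothing matches. Stateless: replies to connections the
    instance itself opened are judged by exactly the same inbound rules."""
    src = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda r: r.number):
        if r.proto not in ("all", proto):
            continue
        if r.proto != "all" and not (r.port_lo <= dst_port <= r.port_hi):
            continue
        if src not in ipaddress.ip_network(r.cidr):
            continue
        return r.action == "ALLOW"
    return False

# The poster's original inbound rules (constructed to match the question).
INBOUND_ORIGINAL = [
    Rule(100, "tcp", 22, 22, "0.0.0.0/0", "ALLOW"),
    Rule(200, "tcp", 80, 80, "0.0.0.0/0", "ALLOW"),
    Rule(300, "tcp", 443, 443, "0.0.0.0/0", "ALLOW"),
]

# Narrower alternative to "400 ALL traffic": only admit TCP replies aimed at
# ephemeral ports (assumed range 1024-65535), not every protocol and port.
INBOUND_EPHEMERAL = INBOUND_ORIGINAL + [
    Rule(400, "tcp", 1024, 65535, "0.0.0.0/0", "ALLOW"),
]

def yum_reply_allowed(rules, ephemeral_port=43210, mirror_ip="198.51.100.7"):
    """A yum mirror answering our outbound HTTPS request sends a TCP segment
    whose *destination* port is our random ephemeral port, so the 22/80/443
    inbound rules never match it. (Sample port and IP are constructed.)"""
    return nacl_allows(rules, "tcp", ephemeral_port, mirror_ip)

if __name__ == "__main__":
    print("original rules, reply allowed:", yum_reply_allowed(INBOUND_ORIGINAL))    # False
    print("with ephemeral rule, reply allowed:", yum_reply_allowed(INBOUND_EPHEMERAL))  # True
```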

---

AWS VPC Security Groups and Network ACLs have different but complementary behavior.

This documentation describes the difference in detail.

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html#VPC_Security_Comparison
