
AWS - Cannot ping EC2 instance on private subnet in VPC

My goal is to create an EC2 instance in a private subnet on a VPC that I will be able to ping from the external Internet.

So far, I have:

  1. created an elastic IP
  2. created a VPC with one public subnet and one private subnet
  3. created a NAT Gateway on the public subnet and set its public IP to the elastic IP
  4. created an EC2 instance in the VPC on the private subnet
  5. created a security group for the EC2 instance which allows all ICMP traffic

When I try to ping the elastic IP address, the pings time out.

What do I need to be able to do to ping the EC2 instance on the private subnet?

Your Amazon EC2 instance is in a private subnet. Therefore, it cannot be reached from the Internet. This is good! That is why private subnets exist.

Therefore, you correctly cannot ping the private instance from the Internet.

In fact, when you ping the Elastic IP address associated with the NAT Gateway, you are actually pinging the NAT Gateway, not the instance. The NAT Gateway is either rejecting the requests and/or has a security group that does not permit inbound ICMP requests.

The NAT Gateway allows outbound communication from resources in a private subnet to the Internet. It does not forward inbound requests. This is per design.

Actually, I think the right thing you need to do is connect the public and private subnets through a Route Table.

Destination     Target
10.0.0.0/16     local
0.0.0.0/0       nat-gateway-id


https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html
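An added example, not code from either answer: it makes the distinction the answers draw checkable. Given route tables in the dict shape that boto3's ec2.describe_route_tables() returns, it classifies each subnet as public (default route via an Internet gateway, so inbound traffic can reach instances with public IPs), private (default route via a NAT gateway, outbound only) or isolated (no default route); the route-table data is constructed to mirror the question's VPC, and the ids in it are placeholders.

```python
# Added example, not from the original Q&A. Classifies VPC subnets by their
# route table, using the dict shape boto3's ec2.describe_route_tables()
# returns; the sample data below is constructed to match the question.

def default_route_target(route_table):
    """Return the target id of the active 0.0.0.0/0 route, or None."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue
        # boto3 keys the target by its type, so check the common ones.
        for key in ("GatewayId", "NatGatewayId", "InstanceId",
                    "NetworkInterfaceId", "TransitGatewayId"):
            if key in route:
                return route[key]
    return None


def classify_subnets(route_tables):
    """Map subnet id -> 'public' (default route via igw-*, inbound from the
    Internet possible), 'private' (via nat-*, outbound only: pinging the NAT
    gateway's Elastic IP never reaches the instance), 'isolated' (no default
    route) or 'other' (NAT instance, transit gateway, ...)."""
    result = {}
    for rt in route_tables:
        target = default_route_target(rt)
        if target is None:
            kind = "isolated"
        elif target.startswith("igw-"):
            kind = "public"
        elif target.startswith("nat-"):
            kind = "private"
        else:
            kind = "other"
        # Only explicit associations carry a SubnetId; subnets that fall back
        # to the VPC's main route table are not listed here.
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = kind
    return result


# Constructed sample: the question's VPC with one public and one private subnet.
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"}]},
]
```

Run against real output by passing `ec2.describe_route_tables()["RouteTables"]` instead of the sample; any subnet reported as `private` cannot be reached inbound through the NAT gateway's Elastic IP, whatever its security group allows.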
