[英][AWS Network Firewall]Why can't i communicate with different request and response routes?
I have a question about network.我有一个关于网络的问题。
I am testing a AWS Network Firewall in AWS with private Subnet and NAT Gateway.我正在使用私有子网和 NAT 网关在 AWS 中测试 AWS 网络防火墙。
So, My Connection Flow with Internet is:因此,我与 Internet 的连接流程是:
Request: EC2 in private subnet -> NAT gateway -> FW -> IGW
请求:
EC2 in private subnet -> NAT gateway -> FW -> IGW
Response: Server from Internet -> FW -> NAT -> EC2 in private subnet
响应:
Server from Internet -> FW -> NAT -> EC2 in private subnet
Request and Response flows are exactly reversed.请求和响应流完全相反。 but, I want to filter only Egress traffic, so I changed Response Route with changing Ingress Route table which applied to IGW.
但是,我只想过滤 Egress 流量,所以我通过更改适用于 IGW 的 Ingress Route 表更改了 Response Route。 Because AWS Network Firewall is transparent, so I thought that it would be okay.
因为 AWS Network Firewall 是透明的,所以我觉得应该没问题。
New Response route: Server from Internet -> NAT -> EC2 in private subnet
新的响应路由:
Server from Internet -> NAT -> EC2 in private subnet
What i expected is just only checking Egress traffic, but it didn't work.我所期望的只是检查出口流量,但它没有用。 I mean, they couldn't connect with Internet.
我的意思是,他们无法连接到互联网。
So What i want to know is:所以我想知道的是:
Thank you for reading this question.感谢您阅读这个问题。
i got a answer of this question.我得到了这个问题的答案。 It is asymmetric flow(request and response flow are different), but route traffic through a middlebox appliance in VPC is not allowed.So the traffic above is not available!!!
它是非对称流(请求和响应流不同),但是不允许通过 VPC 中的中间盒设备路由流量。所以上面的流量不可用!!! ( https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html )
( https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html )
Of course, My answer can be wrong.当然,我的回答可能是错误的。 Please feel free to correct this answer.
请随时更正此答案。 :)
:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.