堆栈内存溢出
  简体   繁体   English

[AWS 网络防火墙]为什么我不能通过不同的请求和响应路由进行通信?

[英][AWS Network Firewall]Why can't i communicate with different request and response routes?

 原文  2021-02-02 01:50:45       amazon-web-services/ networking/ tcp/ firewall/ aws-security-group

问题描述

I have a question about network.我有一个关于网络的问题。

I am testing a AWS Network Firewall in AWS with private Subnet and NAT Gateway.我正在使用私有子网和 NAT 网关在 AWS 中测试 AWS 网络防火墙。

So, My Connection Flow with Internet is:因此,我与 Internet 的连接流程是:

Request: EC2 in private subnet -> NAT gateway -> FW -> IGW请求: EC2 in private subnet -> NAT gateway -> FW -> IGW

Response: Server from Internet -> FW -> NAT -> EC2 in private subnet响应: Server from Internet -> FW -> NAT -> EC2 in private subnet

Request and Response flows are exactly reversed.请求和响应流完全相反。 but, I want to filter only Egress traffic, so I changed Response Route with changing Ingress Route table which applied to IGW.但是,我只想过滤 Egress 流量,所以我通过更改适用于 IGW 的 Ingress Route 表更改了 Response Route。 Because AWS Network Firewall is transparent, so I thought that it would be okay.因为 AWS Network Firewall 是透明的,所以我觉得应该没问题。

New Response route: Server from Internet -> NAT -> EC2 in private subnet新的响应路由: Server from Internet -> NAT -> EC2 in private subnet

What i expected is just only checking Egress traffic, but it didn't work.我所期望的只是检查出口流量,但它没有用。 I mean, they couldn't connect with Internet.我的意思是,他们无法连接到互联网。

So What i want to know is:所以我想知道的是:

  1. Is there any problem to communicate with different route?与不同的路由通信有什么问题吗? isn't possible anyway?反正不可能吗?
  2. if possible, what should i do?如果可能,我该怎么办?

Thank you for reading this question.感谢您阅读这个问题。

1 个解决方案

解决方案1
 0  2021-04-20 16:23:01

i got a answer of this question.我得到了这个问题的答案。 It is asymmetric flow(request and response flow are different), but route traffic through a middlebox appliance in VPC is not allowed.So the traffic above is not available!!!它是非对称流(请求和响应流不同),但是不允许通过 VPC 中的中间盒设备路由流量。所以上面的流量不可用!!! ( https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html ) https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html

Of course, My answer can be wrong.当然,我的回答可能是错误的。 Please feel free to correct this answer.请随时更正此答案。 :) :)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么我无法捕获此iOS AWS SDK网络错误? - Why can't I catch this iOS AWS SDK network error? 如何使用 terraform 为 AWS 网络防火墙添加到 VPC 网关端点的路由 - How can I add route to VPC Gateway endpoint for AWS network firewall using terraform 具有 Suricata 规则的 AWS 网络防火墙 - AWS network firewall with Suricata rules 启用防火墙后无法进入AWS EC2 - Can't ssh into AWS EC2 after enabling firewall 为什么我无法连接到 AWS RDS? - Why can't I connect to AWS RDS? AWS 网络防火墙 - 如何记录被阻止的连接 - AWS Network Firewall - How to log the blocked connections 使用Kops和AWS设置外部防火墙网络安全性 - Setup external firewall network security with kops and aws 前端和后端服务器(托管在单独的AWS实例上)无法通信 - Frontend and backend servers (hosted on separate aws instances) can't communicate AWS Lambda函数无法与EC2实例通信 - AWS Lambda function can't communicate with EC2 Instance 如何在 nodejs 中的 AWS SQS 中创建请求-响应模式? - How can I make request-response mode in AWS SQS in nodejs?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM