[英]Internet access from Private Subnets through NAT instance in AWS
我正在尝试通过NAT实例从专用子网实例访问Internet。 我已按照以下网址中的步骤进行操作。
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
通过上述所有步骤,我可以在NAT实例上访问Internet。 但是无法从私有IP实例访问Internet。
From NAT Instance
$ ping ietf.org
PING ietf.org (4.31.198.44) 56(84) bytes of data.
64 bytes from mail.ietf.org (4.31.198.44): icmp_seq=1 ttl=49 time=23.8 ms
64 bytes from mail.ietf.org (4.31.198.44): icmp_seq=2 ttl=49 time=23.9 ms
64 bytes from mail.ietf.org (4.31.198.44): icmp_seq=3 ttl=49 time=23.9 ms
^C
--- ietf.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 23.888/23.940/23.976/0.037 ms
From Private IP Instances
$ ping ietf.org
PING ietf.org (4.31.198.44) 56(84) bytes of data.
^C
--- ietf.org ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 5999ms
我可以从私有IP实例ping NAT实例。
我已经检查了以上URL中提供的所有以下步骤。 一切看起来都很好。
If the ping command fails, check the following information:
Check that your NAT instance's security group rules allow inbound ICMP traffic from your private subnet. If not, your NAT instance cannot receive the ping command from your private instance.
Check that you've configured your route tables correctly. For more information, see Updating the Main Route Table.
Ensure that you've disabled source/destination checking for your NAT instance. For more information, see Disabling Source/Destination Checks.
Ensure that you are pinging a website that has ICMP enabled. If not, you will not receive reply packets. To test this, perform the same ping command from the command line terminal on your own computer.
一些帮助将不胜感激。 谢谢。
根据您提供的信息,架构设置的所有填充似乎都是我在NAT Instant安全组中发现的唯一错误。
根据AWS建议进行NAT即时配置:
入站:
80、443-用于私有子网的私有IP实例/私有IP地址范围
22-家庭网络的公共IP地址范围
出站:
80,443-- 0.0.0.0/0
试试这个会起作用
参考: http : //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
请在上述文档中找到NATSG:推荐规则部分。
一切似乎都很好,但您唯一想念的就是子网协会
如果您需要有关子网关联的更多信息,请参考以下URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html
尝试通过AWS中的nat实例从私有子网实例访问Internet时遇到问题?
[英]Getting issue while trying to access internet from private-subnet instance via nat intance in aws?
在专用子网的AWS的Kubernetes集群中,是否有一种方法可以使用NAT实例而不是NAT网关作为出口?
[英]Is there a way to use a NAT instance instead of NAT gateway as egress in the kubernetes cluster on aws for private subnets?
AWS - 通过公有子网内的有线保护实例访问私有子网内的实例
[英]AWS - Access instances inside private subnets through wireguard instance inside public subnet
AWS VPC:将NAT和Internet Gateway与负载均衡器和专用子网一起使用时的奇怪行为
[英]AWS VPC: Strange Behaviour when using NAT and Internet Gateway with Load Balancer and Private Subnets
AWS验证私有实例已使用NAT连接到Internet
[英]AWS validate that the private instance is connected to the internet using NAT
添加带有 Internet 网关的公共子网和带有 NAT 的私有子网时,RDS 公共访问丢失
[英]RDS public access lost when adding public subnet with internet gateway and private subnets with NAT
通过 NAT 网关路由来自子网的出站流量后,AWS 入站流量被阻止
[英]AWS inbound trafic is blocked after routing the outbound trafic from the subnets through NAT gateway
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.