AWS EC2 instance in private subnet unable to connect to internet via NAT gateway
Cannot connect internet with EC2 instance in private subnet
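I am trying to install docker on an EC2 instance in a private subnet, which I SSH into through a jumpbox. I even tried allowing ALL TRAFFIC in my security group, but it still did not work.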
sudo yum update -y
Loaded plugins: priorities, update-motd, upgrade-helper
Could not retrieve mirrorlist http://repo.us-west-1.amazonaws.com/latest/main/mirror.list error was
12: Timeout on http://repo.us-west-1.amazonaws.com/latest/main/mirror.list: (28, 'Connection timed out after 5001 milliseconds')
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Disable the repository, so yum won't use it by default. Yum will then
just ignore the repository until you permanently enable it again or use
--enablerepo for temporary usage:
yum-config-manager --disable <repoid>
4. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
Cannot find a valid baseurl for repo: amzn-main/latest
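An Amazon EC2 instance in a private subnet cannot communicate directly with the Internet. This is intentional, because it is a private subnet.
To allow this connectivity, direct 0.0.0.0/0 to the NAT Gateway.
When the EC2 instance attempts to access the Internet, its request is sent to the NAT Gateway. The NAT Gateway makes the request on behalf of the instance and sends the response back to the instance. This allows outbound connections to the Internet while protecting the instance from inbound connections.
Using a private subnet is not strictly necessary. Security groups can perform a similar function at the instance level rather than at the subnet level.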
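
The routing described in the answer can be checked offline, as an added example that is not part of the original question or answer. It goes one step further than the answer by also checking that the NAT gateway's own subnet routes 0.0.0.0/0 to an internet gateway. The input dicts follow the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` output; every ID is a constructed placeholder and the function names are hypothetical.

```python
# Constructed sample data in the shape returned by
# `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`.
# All IDs are made-up placeholders, not values from the page.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public", "State": "available"}]


def effective_table(subnet_id, tables):
    """Explicitly associated route table, else the VPC's main table."""
    main = None
    for t in tables:
        for a in t.get("Associations", []):
            if a.get("SubnetId") == subnet_id:
                return t
            if a.get("Main"):
                main = t
    return main


def default_route(table):
    """The active 0.0.0.0/0 route of a table, or None (blackhole routes are skipped)."""
    for r in (table or {}).get("Routes", []):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active":
            return r
    return None


def diagnose(subnet_id, tables, nat_gateways):
    """Explain why a private subnet can or cannot reach the Internet through NAT."""
    route = default_route(effective_table(subnet_id, tables))
    if route is None:
        return "no active 0.0.0.0/0 route"
    if "NatGatewayId" not in route:
        return "0.0.0.0/0 does not point to a NAT gateway"
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == route["NatGatewayId"]), None)
    if nat is None or nat.get("State") != "available":
        return "NAT gateway missing or not available"
    upstream = default_route(effective_table(nat["SubnetId"], tables))
    if upstream is None or not upstream.get("GatewayId", "").startswith("igw-"):
        return "NAT gateway subnet has no route to an internet gateway"
    return "ok"
```

A subnet with no explicit association falls back to the main route table, which is a common reason the 0.0.0.0/0 route appears to exist but is not the one the instance uses.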