我试图通过NAT实例从私有子网实例访问互联网。我已按照以下网址中的步骤操作。
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
通过以上所有步骤,我可以在NAT实例上访问互联网。但无法从私有IP实例访问互联网。
From NAT Instance
$ ping ietf.org
PING ietf.org (4.31.198.44) 56(84) bytes of data.
64 bytes from mail.ietf.org (4.31.198.44): icmp_seq=1 ttl=49 time=23.8 ms
64 bytes from mail.ietf.org (4.31.198.44): icmp_seq=2 ttl=49 time=23.9 ms
64 bytes from mail.ietf.org (4.31.198.44): icmp_seq=3 ttl=49 time=23.9 ms
^C
--- ietf.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 23.888/23.940/23.976/0.037 ms
From Private IP Instances
$ ping ietf.org
PING ietf.org (4.31.198.44) 56(84) bytes of data.
^C
--- ietf.org ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 5999ms
我可以从私有IP实例ping NAT实例。
我已检查上述网址中提供的以下所有步骤。一切都很好看。
If the ping command fails, check the following information:
Check that your NAT instance's security group rules allow inbound ICMP traffic from your private subnet. If not, your NAT instance cannot receive the ping command from your private instance.
Check that you've configured your route tables correctly. For more information, see Updating the Main Route Table.
Ensure that you've disabled source/destination checking for your NAT instance. For more information, see Disabling Source/Destination Checks.
Ensure that you are pinging a website that has ICMP enabled. If not, you will not receive reply packets. To test this, perform the same ping command from the command line terminal on your own computer.
一些帮助将不胜感激。感谢。
答案 0 :(得分:0)
根据您提供的信息,您的架构设置的所有填充似乎是我在NAT即时安全组中发现的唯一错误。
根据aws推荐的NAT即时配置:
入站:
80,443 - 私有IP实例/私有IP地址Rang私有子网
22 - 家庭网络的公共IP地址范围
出站:
80,443-- 0.0.0.0/0
试试这个会起作用
参考:http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
请在上述文件中找到NATSG:推荐规则部分。
答案 1 :(得分:0)
每一个看起来都很好但只有你错过的是子网协会
如果您需要有关子网关联的更多信息,请参阅以下URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html