The diagram is helpful, although why are you trying to ping-test the internet gateway and NAT gateway?
To boil it down, user A (on Windows) and user B (on Mac) are both able to SSH onto bastion 10.10.10.40.
From the bastion an SSH connection can be made to the host in the private subnet on 10.10.20.190. Is it correct that this host is also running a webserver, and you're finding that is not accessible?
The bastion would need a security group with outbound rules for 80/tcp and 443/tcp for target 10.10.20.190, and likewise the private host will need a security group with inbound rules for 80/tcp and 443/tcp from source 10.10.10.40.
Once this is in place, check connectivity to the web server by running (on the bastion host) curl http://10.10.20.190/ and curl https://10.10.20.190/ (if you get a cert error then use the --insecure option, you just want to get it working to begin with).
Your screengrabs show that ping test of internet sites is working from the bastion hosts, so the routing table is likely to be correct, and you have a security group rule associated that has the ICMP port open. Ensure ports 80/tcp and 443/tcp are open similarly, and then use something like curl http://www.google.com/ and curl https://www.google.com/ to verify the bastion can access websites on the internet.
I hope this puts you on the right track, although I'm not at all clear what your target state is.
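An added example, not part of the original answer: a Python check of the two security group conditions the answer above describes (bastion egress and private-host ingress on 80/tcp and 443/tcp). The rule sets are constructed sample data in the shape boto3's describe_security_groups returns, the function names are hypothetical, and only CIDR-based rules are evaluated.

```python
import ipaddress

BASTION = "10.10.10.40"        # addresses taken from the thread
PRIVATE_HOST = "10.10.20.190"

def rule(proto, port, cidr):
    """Build one rule in the IpPermissions shape (constructed sample data)."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed: bastion egress has 80/tcp but is missing 443/tcp.
BASTION_SG = {"IpPermissionsEgress": [
    rule("icmp", -1, "0.0.0.0/0"),
    rule("tcp", 22, "10.10.20.0/24"),
    rule("tcp", 80, "10.10.20.190/32"),
]}
# Constructed: private host accepts 22, 80 and 443 from the bastion only.
PRIVATE_SG = {"IpPermissions": [
    rule("tcp", 22, "10.10.10.40/32"),
    rule("tcp", 80, "10.10.10.40/32"),
    rule("tcp", 443, "10.10.10.40/32"),
]}

def rule_allows(r, peer_ip, port):
    """True if one CIDR-based rule permits TCP on `port` for `peer_ip`."""
    proto = r["IpProtocol"]
    if proto not in ("tcp", "-1"):          # "-1" means all protocols
        return False
    if proto != "-1" and not r["FromPort"] <= port <= r["ToPort"]:
        return False
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(c["CidrIp"])
               for c in r.get("IpRanges", []))

def flow_allowed(src_sg, dst_sg, src_ip, dst_ip, port):
    """Return (egress_ok, ingress_ok); both must be True for a new connection.
    Security groups are stateful, so reply traffic needs no rule of its own."""
    egress = any(rule_allows(r, dst_ip, port)
                 for r in src_sg.get("IpPermissionsEgress", []))
    ingress = any(rule_allows(r, src_ip, port)
                  for r in dst_sg.get("IpPermissions", []))
    return egress, ingress

def report(ports=(80, 443)):
    return {p: flow_allowed(BASTION_SG, PRIVATE_SG, BASTION, PRIVATE_HOST, p)
            for p in ports}

if __name__ == "__main__":
    for port, (egress, ingress) in report().items():
        print(f"{port}/tcp  bastion egress={egress}  private ingress={ingress}")
```

With the constructed rules, 443/tcp fails on the bastion's egress side even though the private host would accept it, which is why both groups need checking.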
Hey, Riku, I have attached the route table and VPN endpoint configuration for your reference. The VPN endpoint was tried to run from the private subnet to the public subnet as part of the testing process, but I changed to tie it to the public subnet for now. My expectation was that connecting through the public subnet would result in fewer issues compared to using the private subnet.
You will not be able to access the internet with the above setup, I am afraid, if that route table is matching the 2 screenshots.
@Gary I thought "Destination 0.0.0.0/0 will send all traffic to IGW"
Hello.
Can you show me the route table of the subnet that the Client VPN endpoints are tied to?
Probably, public websites cannot be displayed unless a route to the NAT Gateway is set here.
Routes and authorisation rules and DNS settings from VPN client endpoint settings will also be beneficial.
@Steve M Thanks for replying. Q. why are you trying to ping-test the internet gateway and NAT gateway? A: I believe performing these tests is crucial to validate the network connection from the source to the internet.
Additionally, I encountered HTML code when using the 'curl' command and received HTML code from the CLI prompt. However, the browser has yet to respond.
How did you find out the IP address of the Internet Gateway, so you would know what to ping?
So you can successfully curl google.com from the command line of the EC2 in the public zone, is the browser (that's failing) also running on the EC2?