Unable to ping EC2 instance from local and remote both

0

My EC2 instance is running Win2019 OS. There is a SecurityGroup inbound rule allowing IPv4 all protocols on all ports from all sources. There is a NetworkID inbound rule #100 allowing IPv4 all protocols on all ports from all sources. I have the same public IPv4 address and elastic IPv4 Address X.XXX.XX.XXX. I ran 4 tests as listed below:

Test #1) I can ping from the localhost CMD prompt typing "ping ec2-X-XXX-XX-XXX.us-east-2.compute.amazonaws.com".
Test #2) I cannot ping from the localhost CMD prompt typing "X.XXX.XX.XXX". Getting error "request timed out".
Test #3) I cannot ping from a remote host CMD prompt typing "ping ec2-X-XXX-XX-XXX.us-east-2.compute.amazonaws.com". Getting error "request timed out".
Test #4) I cannot ping from a remote host CMD prompt typing "ping X.XXX.XX.XXX". Getting error "request timed out".

Please help. Thank you.

Asked 2 years ago, 1230 views
2 answers
0

When you say "NetworkID inbound rule #100", are you talking about the Network ACL for the instance's subnet?

If so, note that Network ACLs are "stateless". Unlike security groups, they don't keep track of incoming requests, then automatically allow the response traffic back out to the client. You need to add an egress rule to your Network ACL to allow the "echo reply" (ICMP type 0) to go back to the client.

For Test #2, is "X.XXX.XX.XXX" a private IP address (within the instance's subnet CIDR), or a public IP address?

Answered 2 years ago
  • I already have a Security Group outbound rule allowing all protocols on all ports to all destinations. I also have a Network ACL outbound rule #100 allowing all protocols on all ports to all destinations. X.XXX.XX.XXX is a public IPv4 address, the same as the elastic IPv4 address.

  • All 4 tests are working now. I did not make any incremental changes, and it appears my changes to SecurityGroup and Network ACL took effect with a significant lag (3+hrs).

0

Hi,

The issue seems to be due to Windows Firewall. Changing the Windows Defender Firewall Properties to allow all inbound connections for the Domain, Private and Public profiles ensured an ICMP response. The default setting is Block (default). Changing to this setting is a quick test but would not be recommended on a production setup. I'm not a Windows expert to assist with nailing down the exact settings or rule in the firewall.

The other thing I'm assuming is that when you say you have allowed all inbound/outbound in the Security Group, the Type in the rule is 'All Traffic' and not 'All TCP'.

Also, if you noticed, pinging "ec2-X-XXX-XX-XXX.us-east-2.compute.amazonaws.com" from localhost would resolve to the Private IP and hence you got a response. The other three ping commands were resolving to the Public IP, which was timing out.

--Syd

Syd
Answered 2 years ago
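A least-privilege alternative to the "allow all inbound" quick test described in the answer above, as an added PowerShell example (not Syd's code or an AWS-provided script): it opens Windows Defender Firewall only for ICMPv4 Echo Request from named source ranges and leaves each profile's default inbound action at Block. The rule name and the source addresses are placeholders you would replace with your own test hosts.

```powershell
# Added example: scoped ICMPv4 echo rule instead of allowing all inbound traffic.
# $AllowedSrc values are placeholders (RFC 5737 documentation ranges), not real hosts.
$RuleName   = "Allow ICMPv4 Echo Request (scoped)"
$AllowedSrc = @("203.0.113.10", "198.51.100.0/24")

# Remove any earlier copy of the rule so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Windows Firewall is stateful: allowing the inbound Echo Request (ICMP type 8)
# is enough, the Echo Reply goes back out without a separate outbound rule.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $AllowedSrc `
    -Action Allow `
    -Profile Domain,Private,Public | Out-Null

# Verify: the new rule is enabled, and every profile still blocks inbound by default,
# which is the setting the "allow all inbound" quick test had changed.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction
```

Run it from an elevated PowerShell session on the instance; a ping from an address outside $AllowedSrc should still time out, which is the intended behaviour.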
