
EC2 Instances in the us-east-1 and us-east-2 region can ping outside but not able to curl/wget/telnet

0

Issue: apt-get update failing (any outbound traffic over ports failing) with "network unreachable". UFW status: inactive.

  • DNS resolver check - can resolve using nslookup
  • Public connectivity check - instance has a public IP attached, in a subnet with routes to the IGW for destinations 0.0.0.0/0 and ::/0
  • NACL check - allow all traffic
  • Outbound access check - ping is working fine (allowed all traffic outbound to IPv4 and IPv6)
  • VPC DNS check - hostnames and resolution enabled
  • AWS Abuse team check - no events/notifications in the Health Dashboard
  • AWS Firewall Manager - not in use
  • Organization check - no policies applied

Kindly help if there are any solutions. Thanks.

  • Can you share some screenshots of the error, subnets, route tables, etc.?

Asked 7 days ago, 33 views
2 answers
1

Based on the information provided, it appears that you're experiencing a complex networking issue with your EC2 instances in the us-east-1 and us-east-2 regions. Since ping is working but other outbound traffic is failing, this suggests a potential problem with the security group configuration or a more subtle networking issue.

Here are some steps to troubleshoot and potentially resolve the issue:

  1. Double-check the security group settings: Even though you've allowed all traffic outbound, make sure that the inbound rules are also correctly configured to allow the necessary return traffic.

  2. Verify the route table: Confirm that the route table associated with your subnet has the correct routes for both IPv4 and IPv6 traffic to the internet gateway.

  3. Check for any Network ACL (NACL) issues: Although you mentioned that you've allowed all traffic, double-check that there are no conflicting or overlapping rules in your NACLs that might be blocking specific types of traffic.

  4. Investigate potential VPC peering or Transit Gateway configurations: If your VPC is connected to other VPCs or on-premises networks, ensure that these connections are not interfering with your internet connectivity.

  5. Examine the EC2 instance's network interface: Check if there are any issues with the network interface attached to the instance, such as incorrect IP configurations or multiple interfaces causing routing conflicts.

  6. Review any custom network configurations: If you've implemented any custom networking solutions like proxy servers or NAT instances, ensure they are configured correctly and functioning as expected.

  7. Check for MTU (Maximum Transmission Unit) issues: Sometimes, MTU misconfigurations can cause issues with certain types of traffic. Try adjusting the MTU settings on your instances to see if it resolves the problem.

  8. Investigate potential DNS issues: Although you mentioned that DNS resolution is working with nslookup, try using different DNS servers (e.g., 8.8.8.8 or 1.1.1.1) to rule out any DNS-related problems.

  9. Review any custom iptables rules: Even though UFW is inactive, check for any custom iptables rules that might be interfering with outbound traffic.

  10. Consider reaching out to AWS Support: If none of the above steps resolve the issue, it may be worth contacting AWS Support for more in-depth troubleshooting, as there could be an underlying infrastructure issue or a more complex networking problem that requires their expertise.

Remember to test your connectivity after each change to isolate the root cause of the problem.
Sources
EC2 Connection issue | AWS re:Post
Troubleshoot issues with Amazon EC2 instances - Amazon Elastic Compute Cloud
Unable to Resolve DNS and Access Internet on EC2 Instance | AWS re:Post

Answered 7 days ago
Expert
Reviewed 6 days ago
Expert
Reviewed 7 days ago
1

Hi,

Given the fact that you can ping, your route tables seem ok.

So, you probably face an issue with security groups that do not allow outbound traffic on certain IP ports: TCP 22 for SSH, TCP 80 for standard HTTP (curl or wget), TCP 443 for HTTPS (curl or wget).

That's where I'd start my investigation if I were you.

In any case, Reachability Analyzer (https://docs.aws.amazon.com/vpc/latest/reachability/what-is-reachability-analyzer.html) will definitely help you in finding the root cause of your problem.

Best,

Didier

AWS
Expert
Answered 7 days ago
Expert
Reviewed 6 days ago
