By using AWS re:Post, you agree to the Terms of Use

Networking and Security Groups issue


I am experiencing some strange issue. There are 3 Ubuntu 18.04 machines on the same VPC. I am using only Security Groups with the ufw disabled with no custom rules in iptables (besides nat on VPN gateway). Settings in the Security Groups are quite similar. One of machines is a StrongSwan Gateway-to-Gateway VPN server.
I can traceroute, telnet, curl any machine on the LAN (company network) from 2 machines (vpn gw one of them) but can't do it from the 3rd one. Ping works from all machines.
traceroute works only with -I (ICMP) from the 3rd machine (probably traceroute switches to UDP).
Just for the test purposes, I have changed a security group on that machine in question to the security group connected to the working machine. It started to work. But when I created a new security group based on the working one, that copy security group didn't work on both machines.
That is weird.
All 3 machines are accessible from the LAN. I can't blame routing.
What is happening?
Should I switch completely to the iptables/ufw?

1 Answers

My bad.
I forgot to add an inbound allow rule to the VPN server security group which allows all traffic from sg-<new instance>. Now that makes sense why I was able to reach remote LAN resources with the security group from the first vm attached to the instance in question and why it didn't work when I was trying to use a copy of that security group.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions