By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Networking and Security Groups issue

0

I am experiencing some strange issue. There are 3 Ubuntu 18.04 machines on the same VPC. I am using only Security Groups with the ufw disabled with no custom rules in iptables (besides nat on VPN gateway). Settings in the Security Groups are quite similar. One of machines is a StrongSwan Gateway-to-Gateway VPN server.
I can traceroute, telnet, curl any machine on the LAN (company network) from 2 machines (vpn gw one of them) but can't do it from the 3rd one. Ping works from all machines.
traceroute works only with -I (ICMP) from the 3rd machine (probably traceroute switches to UDP).
Just for the test purposes, I have changed a security group on that machine in question to the security group connected to the working machine. It started to work. But when I created a new security group based on the working one, that copy security group didn't work on both machines.
That is weird.
All 3 machines are accessible from the LAN. I can't blame routing.
What is happening?
Should I switch completely to the iptables/ufw?

Topics
Networking & Content Delivery
Tags
Amazon VPC
Language
English
lk7777
asked 5 years ago266 views
1 Answer
0

My bad.
I forgot to add an inbound allow rule to the VPN server security group which allows all traffic from sg-<new instance>. Now that makes sense why I was able to reach remote LAN resources with the security group from the first vm attached to the instance in question and why it didn't work when I was trying to use a copy of that security group.

lk7777
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content