Problem routing traffic

0

Hello,
I've partially followed this guide
https://aws.amazon.com/blogs/aws/new-vpc-ingress-routing-simplifying-integration-of-third-party-appliances/
which explains how to route all traffic going through an internet gateway to a device (appliance), which then forwards it to the final destination (application).
However, when I try to SSH to the "application", the traffic never reaches it. If, instead, I remove the routing through the intermediate device, it all works normally.
I'm trying to understand what could be the cause of this.
Here is the exact setup:

Internet gateway route table:
  10.0.0.0/16   local
  10.0.1.0/24   network_interface_appliance

Appliance route table:
  10.0.0.0/16   local
  0.0.0.0/0     internet-gateway

Application route table:
  10.0.0.0/16   local
  0.0.0.0/0     network_interface_appliance

The appliance is on subnet 10.0.0.0/24 and the application on 10.0.1.0/24.

The appliance has IP forwarding enabled, as expected:
  sudo sysctl -w net.ipv4.ip_forward=1
  sudo sysctl -w net.ipv6.conf.all.forwarding=1

When I try to SSH, I get a connection timeout.
Thank you in advance for any help.

asked 5 years ago, 307 views
1 Answer
0

I had forgotten to remove the destination check.
This can be done either using

  aws ec2 modify-instance-attribute --region $AWS_REGION \
      --no-source-dest-check \
      --instance-id $APPLIANCE_ID

or in the console: Actions -> Networking -> Change source/dest check.
Note: the instance must be stopped when applying this modification.

answered 5 years ago
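The answer names the one setting that was missed, but the same symptom (SSH times out only when the appliance is in the path) can come from any of five things: the IGW route table not handing the application subnet to the appliance ENI, the application subnet's default route not returning through the same ENI (asymmetric path), the appliance subnet having no default route to the IGW, source/dest check still enabled on the appliance, or IP forwarding off in the kernel. The following checker is an added example written for this thread, not code from AWS or from the poster. It takes route data in the shape `aws ec2 describe-route-tables` returns (`Routes[].DestinationCidrBlock`, `GatewayId`, `NetworkInterfaceId`) and the `SourceDestCheck.Value` field from `aws ec2 describe-instance-attribute`, and lists every misconfiguration it finds. The resource IDs (`eni-APPLIANCE`, `igw-EXAMPLE`, `i-EXAMPLE`) and the sample data are constructed placeholders that mirror the setup in the question.

```python
"""Offline checker for the VPC ingress-routing setup from the thread (added example)."""
import json
from dataclasses import dataclass


@dataclass
class IngressRoutingConfig:
    appliance_eni: str        # ENI of the appliance instance (placeholder id in samples)
    igw_id: str               # the VPC's internet gateway
    app_cidr: str             # subnet that hosts the application
    igw_routes: list          # Routes[] of the table associated with the IGW (ingress routing)
    appliance_routes: list    # Routes[] of the appliance subnet's table
    app_routes: list          # Routes[] of the application subnet's table
    source_dest_check: bool   # SourceDestCheck.Value reported for the appliance instance
    ip_forward: int           # net.ipv4.ip_forward as read on the appliance


def _target(routes, cidr):
    """Return (target_key, target_id) for the active route to `cidr`, or None if absent."""
    for r in routes:
        if r.get("DestinationCidrBlock") == cidr and r.get("State", "active") == "active":
            for key in ("NetworkInterfaceId", "GatewayId", "NatGatewayId", "InstanceId"):
                if key in r:
                    return key, r[key]
    return None


def source_dest_check_from_cli(json_text):
    """Parse `aws ec2 describe-instance-attribute --attribute sourceDestCheck` output."""
    return bool(json.loads(json_text)["SourceDestCheck"]["Value"])


def check_ingress_routing(cfg):
    """Return a list of findings; an empty list means the hairpin through the appliance is complete."""
    findings = []
    want_eni = ("NetworkInterfaceId", cfg.appliance_eni)

    # 1. Inbound: the IGW's route table must send the application subnet to the appliance ENI.
    t = _target(cfg.igw_routes, cfg.app_cidr)
    if t != want_eni:
        findings.append(f"igw table: {cfg.app_cidr} should target {cfg.appliance_eni}, found {t}")

    # 2. Return path: replies must leave the application subnet via the same ENI,
    #    otherwise the appliance only sees one direction and stateful inspection breaks.
    t = _target(cfg.app_routes, "0.0.0.0/0")
    if t != want_eni:
        findings.append(f"application table: 0.0.0.0/0 should target {cfg.appliance_eni}, found {t}")

    # 3. The appliance itself must be able to reach the internet gateway.
    t = _target(cfg.appliance_routes, "0.0.0.0/0")
    if t != ("GatewayId", cfg.igw_id):
        findings.append(f"appliance table: 0.0.0.0/0 should target {cfg.igw_id}, found {t}")

    # 4. With source/dest check on, EC2 silently drops packets not addressed to the ENI,
    #    so forwarded traffic never arrives (the cause identified in the answer).
    if cfg.source_dest_check:
        findings.append("appliance: SourceDestCheck is enabled; disable it with --no-source-dest-check")

    # 5. The guest kernel must forward between interfaces.
    if cfg.ip_forward != 1:
        findings.append("appliance: net.ipv4.ip_forward is not 1")

    return findings


def thread_config(source_dest_check):
    """Constructed sample mirroring the three route tables posted in the question."""
    eni, igw = "eni-APPLIANCE", "igw-EXAMPLE"   # placeholder ids, not real resources
    return IngressRoutingConfig(
        appliance_eni=eni, igw_id=igw, app_cidr="10.0.1.0/24",
        igw_routes=[{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                    {"DestinationCidrBlock": "10.0.1.0/24", "NetworkInterfaceId": eni, "State": "active"}],
        appliance_routes=[{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                          {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": igw, "State": "active"}],
        app_routes=[{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": eni, "State": "active"}],
        source_dest_check=source_dest_check, ip_forward=1,
    )


# Constructed CLI output: the default for a fresh instance is SourceDestCheck = true.
SAMPLE_ATTRIBUTE_JSON = '{"InstanceId": "i-EXAMPLE", "SourceDestCheck": {"Value": true}}'

if __name__ == "__main__":
    before = thread_config(source_dest_check_from_cli(SAMPLE_ATTRIBUTE_JSON))
    print("as posted:", check_ingress_routing(before) or "OK")
    print("after fix:", check_ingress_routing(thread_config(False)) or "OK")
```

With the question's route tables and source/dest check still on, the only finding is the one the answer gives; with the check disabled the list is empty. Feeding it the real output of `describe-route-tables` and `describe-instance-attribute` is a quick way to confirm all five conditions before opening a support thread.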
