
EC2 Instances in the us-east-1 and us-east-2 region can ping outside but not able to curl/wget/telnet

0

Issue: apt-get update failing (any outbound traffic over ports failing) with "network unreachable". UFW status: inactive.

  • DNS resolver check: can resolve using nslookup.
  • Public connectivity check: instance has a public IP attached, in a subnet with routes to the IGW for destination 0.0.0.0/0 and ::/0.
  • NACL check: allow all traffic.
  • Outbound access check: ping is working fine (allowed all traffic outbound to IPv4 and IPv6).
  • VPC DNS check: hostnames and resolution enabled.
  • AWS Abuse team check: no events/notifications in the health dashboard.
  • AWS Firewall Manager: not in use.
  • Organization check: no policies applied.

Kindly help if any solutions. Thanks.

  • Can you share some screenshots of the error, subnets, route tables, etc.?

asked 9 days ago, 34 views
2 Answers
1

Based on the information provided, it appears that you're experiencing a complex networking issue with your EC2 instances in the us-east-1 and us-east-2 regions. Since ping is working but other outbound traffic is failing, this suggests a potential problem with the security group configuration or a more subtle networking issue.

Here are some steps to troubleshoot and potentially resolve the issue:

  1. Double-check the security group settings: Even though you've allowed all traffic outbound, make sure that the inbound rules are also correctly configured to allow the necessary return traffic.

  2. Verify the route table: Confirm that the route table associated with your subnet has the correct routes for both IPv4 and IPv6 traffic to the internet gateway.

  3. Check for any Network ACL (NACL) issues: Although you mentioned that you've allowed all traffic, double-check that there are no conflicting or overlapping rules in your NACLs that might be blocking specific types of traffic.

  4. Investigate potential VPC peering or Transit Gateway configurations: If your VPC is connected to other VPCs or on-premises networks, ensure that these connections are not interfering with your internet connectivity.

  5. Examine the EC2 instance's network interface: Check if there are any issues with the network interface attached to the instance, such as incorrect IP configurations or multiple interfaces causing routing conflicts.

  6. Review any custom network configurations: If you've implemented any custom networking solutions like proxy servers or NAT instances, ensure they are configured correctly and functioning as expected.

  7. Check for MTU (Maximum Transmission Unit) issues: Sometimes, MTU misconfigurations can cause issues with certain types of traffic. Try adjusting the MTU settings on your instances to see if it resolves the problem.

  8. Investigate potential DNS issues: Although you mentioned that DNS resolution is working with nslookup, try using different DNS servers (e.g., 8.8.8.8 or 1.1.1.1) to rule out any DNS-related problems.

  9. Review any custom iptables rules: Even though UFW is inactive, check for any custom iptables rules that might be interfering with outbound traffic.

  10. Consider reaching out to AWS Support: If none of the above steps resolve the issue, it may be worth contacting AWS Support for more in-depth troubleshooting, as there could be an underlying infrastructure issue or a more complex networking problem that requires their expertise.

Remember to test your connectivity after each change to isolate the root cause of the problem.
Sources
EC2 Connection issue | AWS re:Post
Troubleshoot issues with Amazon EC2 instances - Amazon Elastic Compute Cloud
Unable to Resolve DNS and Access Internet on EC2 Instance | AWS re:Post

answered 9 days ago
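The steps above are a checklist; the host-side part of it (step 9, stray iptables rules, and the distinction between a timeout and a "network unreachable" error) can be turned into a small diagnostic. This is an added example, not code from the answer or from AWS: it parses `iptables -S OUTPUT` output for rules that drop or reject traffic, and classifies the errno a TCP connect returns. The iptables listing embedded below is constructed to reproduce the symptom in the question (ICMP passes, TCP is rejected with a net-unreachable); on a real host you would feed it the live output. Note that a security group or NACL that lacks a matching allow silently discards packets, so the connect attempt times out, whereas "Network is unreachable" is generated locally, by the routing table or by an iptables REJECT.

```python
"""Host-side checks for the 'ping works, TCP does not' symptom.
Added example, not part of the answer. The iptables text is constructed;
`iptables -S OUTPUT` on a real host prints the same format."""
import errno
import shlex
import socket

# Constructed sample: a stray rule rejects all outbound TCP except DNS.
# UFW being inactive says nothing about rules added by hand or by other tools.
IPTABLES_S_OUTPUT = """\
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -j REJECT --reject-with icmp-net-unreachable
"""


def blocking_rules(iptables_s):
    """Return (policy, rules): the OUTPUT chain policy and every OUTPUT-chain
    rule whose target is DROP or REJECT, as printed by `iptables -S OUTPUT`."""
    policy, hits = "ACCEPT", []
    for line in iptables_s.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[:2] == ["-P", "OUTPUT"] and len(tok) > 2:
            policy = tok[2]
        elif tok[:2] == ["-A", "OUTPUT"] and "-j" in tok:
            target = tok[tok.index("-j") + 1]
            if target in ("DROP", "REJECT"):
                hits.append(line)
    return policy, hits


def classify_errno(code):
    """Map the errno of a failed connect() to the layer most likely at fault.
    None means the connection succeeded."""
    return {
        None: "connected",
        errno.ETIMEDOUT: "timeout: packets silently dropped "
                         "(typical of a security group or NACL with no matching allow)",
        errno.ECONNREFUSED: "refused: host reached, but nothing listening or a REJECT rule",
        errno.ENETUNREACH: "network unreachable: generated locally "
                           "(routing table or iptables REJECT), not by AWS filtering",
        errno.EHOSTUNREACH: "host unreachable: no route or ICMP host-unreachable received",
    }.get(code, f"errno {code}")


def tcp_probe(host, port, timeout=5.0):
    """Attempt one TCP connect and return the classification string."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify_errno(None)
    except socket.timeout:
        return classify_errno(errno.ETIMEDOUT)
    except OSError as exc:
        return classify_errno(exc.errno)


if __name__ == "__main__":
    policy, hits = blocking_rules(IPTABLES_S_OUTPUT)
    print(f"OUTPUT policy: {policy}")
    for rule in hits:
        print(f"blocking rule: {rule}")
    # Live probe; replace the host with one you are entitled to test against.
    print("tcp/443 ->", tcp_probe("example.com", 443))
```

Run `blocking_rules` over `subprocess.check_output(["iptables", "-S", "OUTPUT"], text=True)` (and the `ip6tables` equivalent) on the instance; a REJECT or DROP rule that matches `-p tcp` but not ICMP explains exactly why ping succeeds while curl, wget and telnet fail.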
1

Hi,

Given the fact that you can ping, your route tables seem ok.

So, you probably face an issue with security groups that do not allow outbound traffic on certain IP ports: TCP 22 for SSH, TCP 80 for standard HTTP (curl or wget), TCP 443 for HTTPS (curl or wget).

That's where I'd start my investigation if I were you.

In any case, Reachability Analyzer (https://docs.aws.amazon.com/vpc/latest/reachability/what-is-reachability-analyzer.html) will definitely help you in finding the root cause of your problem.

Best,

Didier

AWS EXPERT, answered 9 days ago
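Both answers point at the VPC filtering layers. The check below, an added example rather than the answer author's code or an AWS tool, evaluates the JSON that `aws ec2 describe-security-groups` and `aws ec2 describe-network-acls` return and reports, per protocol/port, whether outbound TCP 22/80/443 and ICMP are permitted. The two documents embedded here are constructed: the security group's egress rules allow only ICMP and DNS, which reproduces "ping works, everything else fails". The evaluation rules are the real ones: security groups are stateful (replies to an allowed outbound connection are admitted without an inbound rule), while NACLs are stateless and evaluated in ascending rule number, so outbound TCP needs both an egress allow for the destination port and an ingress allow for the ephemeral reply port. Matching only internet-wide CIDRs (0.0.0.0/0 and ::/0) is a simplification of this example.

```python
"""Evaluate security-group egress and NACL rules for outbound TCP 22/80/443
and ICMP. Added example, not the answer author's code. The JSON below is
constructed in the shape of `aws ec2 describe-security-groups` /
`aws ec2 describe-network-acls` output."""
import json

# Constructed: egress allows only ICMP and DNS, so ping works but TCP fails.
SG_JSON = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-0example",
    "IpPermissionsEgress": [
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]}]})

# Constructed: the default "allow all" NACL, rule 100 in each direction.
NACL_JSON = json.dumps({"NetworkAcls": [{
    "NetworkAclId": "acl-0example",
    "Entries": [
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
         "Egress": True, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
         "Egress": True, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
         "Egress": False, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
         "Egress": False, "CidrBlock": "0.0.0.0/0"},
    ]}]})

PROTO_NUM = {"tcp": "6", "udp": "17", "icmp": "1"}   # NACL protocol numbers
CHECKS = [("tcp", 22), ("tcp", 80), ("tcp", 443), ("icmp", None)]
REPLY_PORT = 32768   # representative ephemeral port for NACL return traffic


def sg_rule_allows(perm, proto, port):
    """True if one IpPermissionsEgress entry covers proto/port to the internet."""
    if perm["IpProtocol"] not in ("-1", proto):
        return False
    if perm["IpProtocol"] != "-1" and port is not None:
        if not perm["FromPort"] <= port <= perm["ToPort"]:
            return False
    return (any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", []))
            or any(r["CidrIpv6"] == "::/0" for r in perm.get("Ipv6Ranges", [])))


def sg_egress_report(sg_json):
    """Stateful: only egress rules matter for connections the instance opens."""
    perms = [p for sg in json.loads(sg_json)["SecurityGroups"]
             for p in sg["IpPermissionsEgress"]]
    return {chk: any(sg_rule_allows(p, *chk) for p in perms) for chk in CHECKS}


def nacl_first_match(entries, egress, proto, port):
    """Lowest matching RuleNumber wins; no match is an implicit deny."""
    for e in sorted((e for e in entries if e["Egress"] == egress),
                    key=lambda e: e["RuleNumber"]):
        if e["Protocol"] not in ("-1", PROTO_NUM[proto]):
            continue
        rng = e.get("PortRange")
        if rng and port is not None and not rng["From"] <= port <= rng["To"]:
            continue
        return e["RuleAction"] == "allow"
    return False


def nacl_report(nacl_json):
    """Stateless: outbound needs an egress allow AND an ingress allow for the reply."""
    entries = [e for acl in json.loads(nacl_json)["NetworkAcls"] for e in acl["Entries"]]
    report = {}
    for proto, port in CHECKS:
        out_ok = nacl_first_match(entries, True, proto, port)
        back_ok = nacl_first_match(entries, False, proto,
                                   REPLY_PORT if port is not None else None)
        report[(proto, port)] = out_ok and back_ok
    return report


def explain(sg_json, nacl_json):
    """One verdict line per check, naming the layer that blocks it."""
    sg, nacl = sg_egress_report(sg_json), nacl_report(nacl_json)
    lines = []
    for proto, port in CHECKS:
        name = f"{proto}/{port}" if port is not None else proto
        if sg[(proto, port)] and nacl[(proto, port)]:
            lines.append(f"{name}: ok")
        else:
            layer = "security group" if not sg[(proto, port)] else "NACL"
            lines.append(f"{name}: BLOCKED by {layer}")
    return lines


if __name__ == "__main__":
    print("\n".join(explain(SG_JSON, NACL_JSON)))
```

Feed it the real documents with `aws ec2 describe-security-groups --group-ids <sg-id>` and `aws ec2 describe-network-acls --filters Name=association.subnet-id,Values=<subnet-id>`; if every line reads "ok" and curl still fails, the block is on the host (iptables, proxy settings, MTU) or on a transit path, which is where Reachability Analyzer earns its keep.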
