One really (probably bad) guess: is the instance configured to use a proxy server? Could it be trying to send the HTTP/S traffic there?
If that isn't it (which I doubt): Raise a support case, as the support team are able to look into the environment and determine if there is something in the VPC configuration which is blocking that traffic.
These symptoms would point to a Network ACL issue.
First, make sure that if you have multiple Network ACLs, you are looking at the one that is associated with the subnet your server is in.
Second, make sure you have (at least) 2 outbound & (at least) 2 inbound Network ACL rules - one of these will be the default ALL/DENY - you will also need an ALL/ALLOW with a destination of 0.0.0.0/0 for a default VPC configuration.
If you have other custom Network ACL rules, ensure they are in the correct order - they apply in order from the lowest rule number to the highest, with anything that doesn't match an explicit rule matching the default DENY rule (*).
Check the documentation for further information/examples: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
If these look right - you may want to enable VPC flow logs for this VPC to review exactly how far the traffic is getting, and any errors that might occur.
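To make the ordering and stateless behaviour described above concrete, here is an added example (not from the answer above or from AWS) that evaluates constructed NACL entries the way the VPC does: lowest rule number first, first match wins, unmatched traffic hits the implicit `*` deny. It assumes entries in the shape returned by `aws ec2 describe-network-acls`, and checks both the outbound TCP/443 rule and the inbound rule for the reply on an ephemeral port, since a NACL, unlike a security group, does not track connections.

```python
import ipaddress

# Constructed sample entries in the shape of `aws ec2 describe-network-acls` output
# (Egress True = outbound, Protocol "-1" = all, "6" = TCP). The implicit "*" deny is not listed.
DEFAULT_VPC_NACL = [
    {"RuleNumber": 100, "Egress": True,  "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
]

# Constructed ACL with two mistakes: rule 90 denies outbound TCP/443 before the allow-all at 100,
# and inbound only admits TCP/80, so return traffic on ephemeral ports is dropped.
BROKEN_NACL = [
    {"RuleNumber": 90,  "Egress": True,  "Protocol": "6",  "RuleAction": "deny",  "CidrBlock": "0.0.0.0/0",
     "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 100, "Egress": True,  "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": False, "Protocol": "6",  "RuleAction": "allow", "CidrBlock": "0.0.0.0/0",
     "PortRange": {"From": 80, "To": 80}},
]


def nacl_decision(entries, egress, protocol, port, peer_ip):
    """Evaluate one direction as a NACL does: lowest rule number first,
    first match wins, anything unmatched falls to the implicit '*' deny."""
    peer = ipaddress.ip_address(peer_ip)
    for e in sorted((e for e in entries if e["Egress"] == egress), key=lambda e: e["RuleNumber"]):
        if e["Protocol"] not in ("-1", protocol):
            continue
        if peer not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        pr = e.get("PortRange")
        if pr and not (pr["From"] <= port <= pr["To"]):
            continue
        return e["RuleAction"], e["RuleNumber"]
    return "deny", "*"


def https_egress_check(entries, peer_ip, ephemeral_port=50000):
    """NACLs are stateless: an outbound HTTPS connection needs BOTH an outbound
    rule for TCP/443 and an inbound rule for the reply on the ephemeral source port."""
    return {
        "outbound_443": nacl_decision(entries, True, "6", 443, peer_ip),
        "inbound_reply": nacl_decision(entries, False, "6", ephemeral_port, peer_ip),
    }


if __name__ == "__main__":
    for name, acl in (("default", DEFAULT_VPC_NACL), ("broken", BROKEN_NACL)):
        print(name, https_egress_check(acl, "203.0.113.10"))
```

Feed it the `Entries` list from the ACL associated with the instance's subnet and the peer address from the failing connection; a `("deny", "*")` in either direction is the rule that is missing.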
I mentioned in my post: yes, only those two ACLs. Flow logs -- tried to enable those but it logs literally nothing, so assuming I have it misconfigured in some way.
If it is, it would have to be transparent. It occurs even from the command line using raw telnet. If anybody has any ideas about how to check that, it would save me a rebuild. Iptables shows no entries anywhere and ufw is disabled.