Hi,
If you are talking about ingress routing (routing via an appliance) for internet traffic, kindly refer to the link [1], which explains how routing can be configured for public and private subnets. If you are just using a bastion host for internet access, you don't need to route traffic.
References: [1] https://aws.amazon.com/blogs/aws/new-vpc-ingress-routing-simplifying-integration-of-third-party-appliances/
@Anupam Gupta Thanks for replying. I posted the resource map and route table below. I set up the webhost (private subnet) and bastion host (public) for testing. Do you need NACLs and a security group for both instances?
Now, with this arrangement, are you able to ssh into your bastion host from your local machine? If not, could you please provide screenshots of the Security Group and NACL settings, and the error that you are getting while making the connection.
Hey, Anupam Gupta. Yes, I was able to access SSH after allowing an ssh rule in the SG. I had to delete the entire contents for now, but I will retest them once we decide to use AWS VPN. Thanks for following up.
Alright and all the best!
Hi,
I think you do not need a route for the bastion host specifically. You already have a route to the Internet Gateway.
If you want to control the traffic, then you can use Network ACLs and Security Groups in combination.
Thanks for your comment @Anupam. I concur with your viewpoint. However, I am encountering an issue when attempting to access the internet. I believe I might have overlooked a certain aspect, but I'm uncertain about the exact location of the oversight.
One good place to check: if you select your VPC, you can see the "VPC resource map". If you need more assistance, you can provide screenshots of the VPC resource map, route table, NACLs and security group.
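The checklist above (route table, security group, NACLs, public IP) can be walked mechanically. The following is an added example, not code from the thread or from AWS: it takes data shaped like the output of `aws ec2 describe-route-tables`, `describe-security-groups` and `describe-network-acls` (all values below are constructed; the VPC, subnet, gateway IDs and the admin IP `203.0.113.10` are assumptions) and returns the reasons a bastion in a public subnet would have no inbound SSH or no outbound internet. It also shows the stateless-NACL pitfall that most often produces "SSH works but the instance has no internet": an outbound allow without the matching inbound ephemeral-port rule for the replies.

```python
"""Offline check of a public-subnet bastion: route table, security group, NACL.
All data here is constructed to mimic `aws ec2 describe-*` output; IDs and
addresses are assumptions, not values from the thread."""
import ipaddress

VPC_ID, SUBNET_ID = "vpc-0example", "subnet-0public"   # assumed IDs
ADMIN_IP = "203.0.113.10"           # the laptop you ssh from (TEST-NET-3)
ANY_INTERNET_HOST = "198.51.100.1"  # stand-in for a package mirror (TEST-NET-2)
EPHEMERAL = 50000                   # representative client port for return traffic

ROUTE_TABLES = [  # main table has only the local route; the public subnet's table has the IGW route
    {"VpcId": VPC_ID, "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"VpcId": VPC_ID, "Associations": [{"SubnetId": SUBNET_ID}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
]

def _entry(num, egress, proto, cidr, lo=None, hi=None, action="allow"):
    e = {"RuleNumber": num, "Egress": egress, "Protocol": proto, "RuleAction": action, "CidrBlock": cidr}
    if lo is not None:
        e["PortRange"] = {"From": lo, "To": hi}
    return e

NACL_OK = [  # stateless: both directions of every flow need an explicit allow
    _entry(100, False, "6", "0.0.0.0/0", 22, 22),        # inbound ssh
    _entry(110, False, "6", "0.0.0.0/0", 1024, 65535),   # replies to connections the host opens
    _entry(100, True, "-1", "0.0.0.0/0"),                # all outbound
    _entry(32767, False, "-1", "0.0.0.0/0", action="deny"),  # the implicit trailing deny
    _entry(32767, True, "-1", "0.0.0.0/0", action="deny"),
]
NACL_NO_RETURN = [e for e in NACL_OK if e["RuleNumber"] != 110]  # common mistake

SG_NO_SSH = {"IpPermissions": [],
             "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
SG_SSH = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                             "IpRanges": [{"CidrIp": ADMIN_IP + "/32"}]}],
          "IpPermissionsEgress": SG_NO_SSH["IpPermissionsEgress"]}

def route_table_for_subnet(route_tables, subnet_id, vpc_id):
    """Explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
        if any(a.get("Main") for a in rt["Associations"]):
            main = rt
    return main

def has_default_igw_route(rt):
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-") and r.get("State") == "active"
        for r in rt["Routes"])

def sg_permits(perms, port, ip):
    """Security groups are stateful allow-lists: one matching rule is enough."""
    addr = ipaddress.ip_address(ip)
    for p in perms:
        if p["IpProtocol"] not in ("-1", "tcp"):
            continue
        if p["IpProtocol"] == "tcp" and not p["FromPort"] <= port <= p["ToPort"]:
            continue
        if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in p["IpRanges"]):
            return True
    return False

def nacl_permits(entries, egress, port, ip):
    """NACLs are stateless and ordered: the lowest-numbered matching rule decides."""
    addr = ipaddress.ip_address(ip)
    for e in sorted(entries, key=lambda x: x["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", "6"):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        if addr in ipaddress.ip_network(e["CidrBlock"]):
            return e["RuleAction"] == "allow"
    return False

def diagnose(sg, nacl, has_public_ip=True, route_tables=ROUTE_TABLES):
    """Reasons the bastion lacks SSH-in or internet-out; an empty list means it looks fine."""
    f = []
    if not has_default_igw_route(route_table_for_subnet(route_tables, SUBNET_ID, VPC_ID)):
        f.append("route table: no active 0.0.0.0/0 -> igw- route on the subnet's table")
    if not has_public_ip:
        f.append("instance: no public IPv4 address (auto-assign or Elastic IP)")
    if not sg_permits(sg["IpPermissions"], 22, ADMIN_IP):
        f.append(f"security group: no inbound tcp/22 rule covering {ADMIN_IP}")
    if not sg_permits(sg["IpPermissionsEgress"], 443, ANY_INTERNET_HOST):
        f.append("security group: outbound tcp/443 to the internet not allowed")
    if not (nacl_permits(nacl, False, 22, ADMIN_IP) and nacl_permits(nacl, True, EPHEMERAL, ADMIN_IP)):
        f.append("network ACL: inbound tcp/22 or its ephemeral-port reply is blocked")
    if not (nacl_permits(nacl, True, 443, ANY_INTERNET_HOST)
            and nacl_permits(nacl, False, EPHEMERAL, ANY_INTERNET_HOST)):
        f.append("network ACL: outbound tcp/443 or its ephemeral-port reply is blocked")
    return f

if __name__ == "__main__":
    for name, sg, nacl in [("before SG fix", SG_NO_SSH, NACL_OK), ("after SG fix", SG_SSH, NACL_OK),
                           ("NACL missing inbound ephemeral", SG_SSH, NACL_NO_RETURN)]:
        print(name, "->", diagnose(sg, nacl) or "OK")
```

To use it against a real account, replace the constructed dictionaries with the JSON from the three `describe-*` calls; the checks are the same ones you would do by eye in the VPC resource map, with the NACL evaluation order and the stateless return-traffic requirement made explicit.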
Hey, Vasmi
Here I have shared the diagram for your information.
As an alternative plan, I have set up an additional test VPC without a private subnet. However, this VPC also lacks internet connectivity. I believe I might be overlooking a significant aspect in this scenario.
Thank you for your comment, Vamsi. Indeed, that was my initial thought as well. However, I currently do not have access to the internet.
Hi, since you stated you don't have access to the internet: is it the EC2 instance that has no internet access, or are you unable to connect from your local PC to the EC2 instance that is in the private subnet?