Networking and Security Groups issue

0

I am experiencing a strange issue. There are 3 Ubuntu 18.04 machines on the same VPC. I am using only Security Groups, with ufw disabled and no custom rules in iptables (besides NAT on the VPN gateway). Settings in the Security Groups are quite similar. One of the machines is a StrongSwan Gateway-to-Gateway VPN server.
I can traceroute, telnet, or curl any machine on the LAN (company network) from 2 machines (the VPN GW being one of them) but can't do it from the 3rd one. Ping works from all machines.
traceroute works only with -I (ICMP) from the 3rd machine (probably traceroute switches to UDP).
Just for test purposes, I changed the security group on the machine in question to the security group attached to the working machine. It started to work. But when I created a new security group based on the working one, that copied security group didn't work on either machine.
That is weird.
All 3 machines are accessible from the LAN. I can't blame routing.
What is happening?
Should I switch completely to iptables/ufw?

lk7777
Asked 5 years ago, 275 views
1 answer
0

My bad.
I forgot to add an inbound allow rule to the VPN server security group that allows all traffic from sg-<new instance>. Now it makes sense why I was able to reach remote LAN resources with the security group from the first VM attached to the instance in question, and why it didn't work when I was trying to use a copy of that security group.

lk7777
Answered 5 years ago
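The answer describes the mechanism behind the symptoms: a security group rule that names another security group as its source matches on the sender's group membership, not on its address, so a copy of the working group gets a new ID that the VPN gateway's inbound rule does not reference. The following added example (not code from the post or from AWS) models that evaluation on constructed data shaped like `aws ec2 describe-security-groups` output. Group IDs, addresses and the VPC CIDR are placeholders. It checks the flows from the question (ping, curl, telnet, UDP traceroute) as they arrive at the gateway's network interface, first with the working group, then with the copy, then after applying the fix from the answer.

```python
import copy
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-security-groups` output.
# Group IDs and the VPC CIDR are placeholders, not values from the post.
VPC_CIDR = "10.0.0.0/16"


def sg(group_id, rules):
    return {"GroupId": group_id, "IpPermissions": rules}


def cidr_rule(proto, cidr, from_port=None, to_port=None):
    rule = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}], "UserIdGroupPairs": []}
    if from_port is not None:
        rule["FromPort"], rule["ToPort"] = from_port, to_port
    return rule


def sg_ref_rule(proto, source_group_id):
    return {"IpProtocol": proto, "IpRanges": [], "UserIdGroupPairs": [{"GroupId": source_group_id}]}


SECURITY_GROUPS = {
    # The StrongSwan gateway: it must accept the forwarded traffic from every
    # instance that wants to reach the remote LAN through it.
    "sg-vpngw": sg("sg-vpngw", [
        sg_ref_rule("-1", "sg-working"),       # all traffic, but only from sg-working members
        cidr_rule("icmp", VPC_CIDR, -1, -1),   # ICMP from the whole VPC: why ping works anyway
    ]),
    # The group the working machines carry, and the copy made for the third machine.
    "sg-working": sg("sg-working", [cidr_rule("tcp", VPC_CIDR, 22, 22)]),
    "sg-copy": sg("sg-copy", [cidr_rule("tcp", VPC_CIDR, 22, 22)]),
}


def rule_matches(rule, src_ip, src_sg_ids, proto, port):
    """True if one IpPermissions entry admits this flow."""
    ip_proto = rule["IpProtocol"]
    if ip_proto != "-1":                      # "-1" means every protocol and port
        if ip_proto != proto:
            return False
        if proto in ("tcp", "udp") and not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    addr = ipaddress.ip_address(src_ip)
    if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])):
        return True
    # A group reference matches the sender's group membership, not its address.
    return any(p["GroupId"] in src_sg_ids for p in rule.get("UserIdGroupPairs", []))


def ingress_allowed(groups, dest_sg_ids, src_ip, src_sg_ids, proto, port=None):
    """Security groups are pure allow-lists: the flow passes if any rule on any
    group attached to the destination interface matches; nothing is denied explicitly."""
    return any(rule_matches(rule, src_ip, src_sg_ids, proto, port)
               for sg_id in dest_sg_ids
               for rule in groups[sg_id]["IpPermissions"])


def authorize_from_group(groups, dest_sg_id, source_sg_id):
    """Return a copy of `groups` with the fix from the answer applied:
    allow all traffic into dest_sg_id from members of source_sg_id."""
    fixed = copy.deepcopy(groups)
    fixed[dest_sg_id]["IpPermissions"].append(sg_ref_rule("-1", source_sg_id))
    return fixed


def diagnose(groups, third_sg_id, third_ip="10.0.2.40"):
    """Evaluate the flows from the post as seen at the VPN gateway's interface."""
    flows = {"ping": ("icmp", None), "curl": ("tcp", 443),
             "telnet": ("tcp", 23), "traceroute (udp)": ("udp", 33434)}
    return {name: ingress_allowed(groups, ["sg-vpngw"], third_ip, [third_sg_id], proto, port)
            for name, (proto, port) in flows.items()}


if __name__ == "__main__":
    print("sg-working on 3rd machine:", diagnose(SECURITY_GROUPS, "sg-working"))
    print("sg-copy on 3rd machine:   ", diagnose(SECURITY_GROUPS, "sg-copy"))
    fixed = authorize_from_group(SECURITY_GROUPS, "sg-vpngw", "sg-copy")
    print("after authorizing sg-copy:", diagnose(fixed, "sg-copy"))
```

With the copy attached, only ping passes (the ICMP rule matches on the VPC CIDR), which is exactly the pattern in the question; after `authorize_from_group`, every flow passes. The real-world equivalent of that fix is `aws ec2 authorize-security-group-ingress --group-id <vpn gateway sg> --protocol -1 --source-group <new instance sg>`. The model covers security groups only; network ACLs and the gateway's own iptables forwarding and NAT rules are separate checks.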
