公共子网中具有EIP的EC2实例未连接到Internet [英] EC2 instance with EIP in Public subnet not connecting to Internet
问题描述
我有一个奇怪的问题,其中我能够使用RDP和HTTP连接到AWS VPC的公共子网中的EC2实例.但是,通过RDP成功连接到实例后,我无法从实例连接到Internet.
I have a strange problem wherein I am able to connect to an EC2 instance in a public subnet in AWS VPC using RDP and HTTP. However after successfully connecting to the instance through RDP, i am not able to connect to Internet (from the instance).
a)我创建了一个非默认的AWS VPC,并将一个IGW与其关联. VPC的地址范围是10.0.0.0/16.创建了一个地址空间为10.0.5.0/24的子网
a) I created a non-default AWS VPC and associated an IGW to it. The address range of VPC is 10.0.0.0/16. A subnet with the address space 10.0.5.0/24 was created
c)为了使子网公开,我决定保留主路由表,并创建一个带有以下条目的附加路由表
c) In order to make the subnet public, i decided to retain the Main Route Table as it is and created an additional Route table with the following entries
10.0.0.0/16本地 0.0.0.0/0 igw
10.0.0.0/16 local 0.0.0.0/0 igw
d)该路由表与子网10.0.5.0/24相关联.这使其成为公共子网
d) This route table was associated with the subnet 10.0.5.0/24. This makes it a public subnet
e)将NACL设置为允许: 入站流量:针对IPV4和NACL的HTTP(80),HTTPS(80),SSH(22),RDP(3389) 出站流量所有流量所有协议所有端口范围目标0.0.0.0/0
e) The NACL is set to allow: INBOUND traffic HTTP(80),HTTPS(80),SSH(22), RDP(3389) for IPV4 and NACL outbound traffic ALL TRAFFIC ALL PROTOCOL ALL PORT Range Destination 0.0.0.0/0
f)安全组设置为:
入站所有流量全部全部0.0.0.0/0 出站所有流量全部全部0.0.0.0/0
Inbound All traffic All All 0.0.0.0/0 Outbound All traffic All All 0.0.0.0/0
g)我在公共子网中创建了一个EC2实例,并为其分配了Elastic EIP.我可以使用RDP对此进行连接,并且可以通过在本地浏览器中键入EC2的公共DNS名称来访问IIS欢迎页面.但是,从打开IE并尝试访问任何流行网站的实例来看,我无法访问Internet.我总是收到无法访问此页面"
g) I created a single EC2 instance in the public subnet and assigned a Elastic EIP to it. I am able to connect to this using RDP and able to access the IIS Welcome page by typing the public DNS name of the EC2 in my local browser. However, from the instance when i open IE and try accessing any popular websites i am not able to access the Internet. I always get a 'Can't reach this page'
h)我禁用Windows防火墙并尝试访问Internet.但是仍然没有用.
h) I disabled Windows Firewall and tried accessing Internet. But still it didnt work.
i) tracert 输出仅在所有行中显示请求超时".
i) The tracert output just shows Request timed Out in all the lines.
任何帮助将不胜感激.
Any help would be appreciated.
感谢和问候 戈文德(Govind)
Thanks and Regards Govind
推荐答案
首先,确认满足以下条件:
First, verify that the following conditions are met:
实例子网中的路由表具有到 互联网网关.附加到实例的安全组 弹性网络接口必须允许以下端口上的出站流量 端口:HTTP流量的端口80端口HTTP流量的端口443标识 与以下内容相关联的网络访问控制列表(ACL): 实例所在的子网.这些网络ACL必须具有 规则,以允许端口80和443上的入站和出站流量.
The route table in the instance’s subnet has a default route to an internet gateway. The security group attached to the instance’s elastic network interface must allow outbound traffic on the following ports: Port 80 for HTTP traffic Port 443 for HTTPs traffic Identify the network access control lists (ACLs) that are associated with the subnet that the instance is located on. These network ACLs must have rules to allow inbound and outbound traffic on ports 80 and 443.
您无需打开所有端口即可启用传出的Web流量.
You don't need to open all the ports to enable outgoing web traffic.
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-connect-internet-gateway/
这篇关于公共子网中具有EIP的EC2实例未连接到Internet的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
