Can't communicate between two ec2 instances in the same security group via public ip address?


Question

I can't connect to another EC2 instance in the same security group using public IP. If I try to connect using public DNS name and private IP, it is WORKING FINE. What I have done so far:

* created two EC2 public instances.
* attached both instances to security group sg-12345
* added inbound rules
  - all traffic, source=sg-12345
  - SSH port=22, source=MY IP (this is to log in to my EC2 instance from my desktop)

Thanks in advance.

Recommended answer

When you use public IP the traffic exits your VPC and comes back in, at which point it is no longer identified as coming from that security group. It looks just like random Internet traffic at that point. Stick to using private IP for both security and speed.

Docs:

When you specify a security group as the source for a rule, traffic is allowed from the network interfaces that are associated with the source security group for the specified protocol and port. Incoming traffic is allowed based on the private IP addresses of the network interfaces that are associated with the source security group (and not the public IP or Elastic IP addresses).
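The rule evaluation described in the answer, as an added example that is not part of the original question or answer: a small Python model of how an inbound rule with a security group as its source is matched. Only sg-12345 and the two rules come from the question; all IP addresses are constructed, and the model is a simplification that applies one rule set to the receiving instance.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Eni:
    private_ip: str
    public_ip: str
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Rule:
    port: Optional[int]  # None means all traffic
    source: str          # CIDR block or security group id

def source_seen(sender, receiver, dest_ip):
    """Source address that the receiver's security group evaluates."""
    if dest_ip == receiver.private_ip:
        return sender.private_ip   # traffic stays inside the VPC
    if dest_ip == receiver.public_ip:
        return sender.public_ip    # traffic exits the VPC and comes back in
    raise ValueError("dest_ip does not belong to receiver")

def rule_matches(rule, src_ip, port, enis):
    if rule.port is not None and rule.port != port:
        return False
    if rule.source.startswith("sg-"):
        # A group reference covers only the PRIVATE addresses of its members.
        members = {e.private_ip for e in enis if rule.source in e.groups}
        return src_ip in members
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)

def inbound_allowed(sender, receiver, dest_ip, port, rules, enis):
    src = source_seen(sender, receiver, dest_ip)
    return any(rule_matches(r, src, port, enis) for r in rules)

# Constructed sample data (addresses are assumptions, not from the question).
SG = "sg-12345"
A = Eni("10.0.1.10", "203.0.113.10", frozenset({SG}))
B = Eni("10.0.1.11", "203.0.113.11", frozenset({SG}))
DESKTOP = Eni("192.168.1.5", "198.51.100.7")
ENIS = [A, B]
RULES = [Rule(None, SG), Rule(22, "198.51.100.7/32")]

if __name__ == "__main__":
    for label, dest in (("private", B.private_ip), ("public", B.public_ip)):
        print(label, inbound_allowed(A, B, dest, 22, RULES, ENIS))
```
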
