AWS security group that allows instances within VPC to connect doesn't work over public IP


Question

I have a VPC set up in AWS and have a security group that allows inbound connections from the VPC's CIDR block and have assigned it to my instances. SSH and TCP work fine while using the private IP addresses. However, when using the public IP address of an instance, the connection fails. Why is that so? Why doesn't the security group know the connection is coming from within the VPC even if it's addressed to the public IP?

Recommended answer

When you connect to the public IP, even if the instance is in the same subnet, the traffic still goes out of the VPC to the internet via the internet gateway and then enters back into the VPC. Thus it's NAT: the source private IP is hidden by the public IP, and with your settings there are no security group rules that allow that kind of traffic.

BTW, if you use the public IP to connect to another host in the same VPC, AWS will charge you for network traffic.
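The following is an added example, not part of the original question or answer, that models the security-group evaluation the answer describes: a CIDR rule is matched against the source address the destination actually sees, and for the public-IP path that source is the sender's public IP after the internet-gateway NAT, so the VPC CIDR rule does not match. All addresses (VPC CIDR 10.0.0.0/16, instance and public IPs in 203.0.113.0/24) are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed VPC CIDR used by the "allow from inside the VPC" rule.
VPC_CIDR = ip_network("10.0.0.0/16")


@dataclass(frozen=True)
class Instance:
    name: str
    private_ip: str
    public_ip: str  # public/Elastic IP mapped by the internet gateway


@dataclass(frozen=True)
class IngressRule:
    cidr: str
    from_port: int
    to_port: int


def observed_source(src: Instance, dst_ip: str) -> str:
    """Source address the destination's security group evaluates.
    A connection to a private IP stays inside the VPC and keeps the private
    source. A connection to a public IP hairpins through the internet gateway,
    which NATs the source to the sender's public IP."""
    if ip_address(dst_ip) in VPC_CIDR:
        return src.private_ip
    return src.public_ip


def sg_allows(rules, source_ip: str, port: int) -> bool:
    """Security groups are allow-lists: any matching rule permits, none means drop."""
    src = ip_address(source_ip)
    return any(src in ip_network(r.cidr) and r.from_port <= port <= r.to_port
               for r in rules)


def connection_allowed(rules, src: Instance, dst_ip: str, port: int) -> bool:
    return sg_allows(rules, observed_source(src, dst_ip), port)


# Constructed instances and rule sets.
A = Instance("a", "10.0.1.10", "203.0.113.10")
B = Instance("b", "10.0.2.20", "203.0.113.20")
VPC_ONLY = [IngressRule(str(VPC_CIDR), 22, 22)]           # the asker's setup
# Narrow fix: also admit the sender's own public IP (/32, not 0.0.0.0/0).
# Without an Elastic IP this address changes on stop/start, so the rule would go stale.
WITH_SENDER_PUBLIC = VPC_ONLY + [IngressRule(A.public_ip + "/32", 22, 22)]

if __name__ == "__main__":
    for dst in (B.private_ip, B.public_ip):
        print(dst, observed_source(A, dst), connection_allowed(VPC_ONLY, A, dst, 22))
```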
