Amazon AWS NAT 网关不工作,EC2 未在 ECS 集群中注册 [英] Amazon AWS NAT Gatway not working, EC2 doesn't register in ECS Cluster
问题描述
我确信我的 EC2 实例和集群配置正确,并且由于网络配置它们不会注册.
I'm convinced that my EC2 instance and cluster are configured correctly and that they won't register due to the network configuration.
我正在从自动扩展组构建 EC2 实例,如果我创建/将弹性 IP 与它们关联,它们将注册但是我无法将它们连接到 NAT,因为它们会自动扩展我需要他们使用 NAT 向集群注册自己.
I am building EC2 instance from a auto-scaling group, they will register if I create/associate an Elastic IP to them however I cannot get them to NAT, as they will be auto-scaled I need them to use NAT to register themselves with the cluster.
我在网络 10.0.0.0/0
我在 10.0.0.0/24、10.0.1.0/24 和 10.0.0.0/24 范围内的 3 个区域中有 3 个子网10.0.2.0/24.
I have 3 subnets in 3 regions on ranges 10.0.0.0/24, 10.0.1.0/24 & 10.0.2.0/24.
我想使用亚马逊的 NAT 网关 不要与 NAT Instance 混淆,后者是一个 AMI 来执行此功能.
I want to use Amazon's NAT Gateway not to be confused with NAT Instance which is an AMI to do this functionality.
我一直在关注本指南@http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html
I have been following this guide @ http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html
(目前)我有一个路由表(所有 3 个子网都分配给它)如下...
(For now) I have a single route table (which all 3 subnets are assigned to) which is as follows...
10.0.0.0/16 | local
0.0.0.0/0 | nat-******
NAT 网关位于 10.0.2.19.
安全组如下
Inbound
ALL TRAFFIC | ALL PROTOCOLS | ALL PORT RANGE |SOURCE: 0.0.0.0/0
Outbound
ALL TRAFFIC | ALL PROTOCOLS | ALL PORT RANGE |DESTINATION: 0.0.0.0/0
网络 ACL 是
Inbound
Rule # | Type | Protocol | Port Range | Source | Allow / Deny
100 | ALL Traffic | ALL | ALL | 0.0.0.0/0 | ALLOW
* | ALL Traffic | ALL | ALL | 0.0.0.0/0 | DENY
Outbound
Rule # | Type | Protocol | Port Range | Destination | Allow / Deny
100 | ALL Traffic | ALL | ALL | 0.0.0.0/0 | ALLOW
* | ALL Traffic | ALL | ALL | 0.0.0.0/0 | DENY
这表明一切都是允许的?
Which suggests everything is allowed?
我已将 IP 附加到一个实例,然后通过 VPC 连接到另一个实例并尝试 ping NAT 网关,但未成功,但我不明白为什么?这里的一切都设置的很简单,没有什么意义?
I have attached a IP to one instance then connected over the VPC to another instance and try to ping the NAT gateway which is unsuccessful but I don't understand why? Everything here is set quite simply and it doesn't quite make sense?
非常感谢帮助:)
推荐答案
您将所有 3 个子网都设为私有.NAT 网关必须在公共子网中,并且它的路由表应该有一个条目 0.0.0.0/0 应该路由到 internet gateway.
You have all 3 subnets as private. The NAT gateway has to be in public subnet and its routing table should have an entry 0.0.0.0/0 which should route to the internet gateway.
如果 0.0.0.0 路由到自身,您希望 NAT 网关如何路由 Internet 流量?
How do you expect the NAT gateway to route internet traffic, if 0.0.0.0 is routed to itself?
你如何解决这个问题?在公共子网中创建 NAT 网关,或确保 NAT 网关所在子网 (10.0.2.0/24) 的路由表具有正确的互联网流量路由.
How do you fix this? Create your NAT gateway in the public subnet or make sure the routing table for the subnet the NAT gateway is in (10.0.2.0/24) has the correct route for internet traffic.
您需要有 2 个路由表.一个用于 NAT 网关所在的子网.另一个路由表用于将互联网流量发送到 NAT 网关的私有子网.
You need to have 2 routing tables. One for the subnet the NAT gateway is in. The other routing table is for private subnets that send internet traffic to the NAT gateway.
这篇关于Amazon AWS NAT 网关不工作,EC2 未在 ECS 集群中注册的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
