如何从亚马逊 vpc 连接到外部世界? [英] How to connect to outside world from amazon vpc?

问题描述

我通过向导将亚马逊 VPC 设置为仅限公共网络"，所以我的所有实例都在公共子网中.

I have amazon VPC set through wizard as "public only network", so all my instances are in public subnet.

VPC 中分配了弹性 IP 的实例可以毫无问题地连接到互联网.

Instances within VPC that have Elastic IP assigned connect to internet without any troubles.

但是没有弹性 IP 的实例无法连接到任何地方.

But instances without elastic IP can't connect anywhere.

互联网网关存在.aws 控制台中的路由表看起来像

Internet gateway is present. Route table in aws console looks like

Destination Target 
10.0.0.0/16 local
0.0.0.0/0   igw-nnnnn

和从内部实例显示的路由

and route from inside instance shows

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
default         10.0.0.1        0.0.0.0         UG    100    0        0 eth0

我尝试在实例所属的安全组中将所有入站和出站流量打开到 0.0.0.0/0.仍然没有成功.

I tried to open ALL inbound and outbound traffic to 0.0.0.0/0 in security group that an instance belongs to. Still no success.

~$ ping google.com
PING google.com (74.125.224.36) 56(84) bytes of data.
^C
--- google.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5017ms

我还能做什么?

推荐答案

看来，从没有 Elastic IP 的实例中脱离出来的唯一方法是:

It appears that the only way to get outside from instances that don't have Elastic IP is:

• 添加一个 NAT(从 ami-vpc-nat-beta 启动一个额外的 m1.small 实例)并为其分配 EIP
• 创建一个额外的私有"子网
• 将非 EIP 实例移动到该私有子网
• 修改路由表:来自私有子网的 0.0.0.0/0 应该转到 NAT

所以，仅仅添加 NAT 是不够的.应该停止实例并将其从另一个子网移动到另一个 IP.

So, just adding NAT is not enough. Instances should be stopped and moved to another IP from another subnet.

这篇关于如何从亚马逊 vpc 连接到外部世界?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！