
May I seek assistance with a lab exercise on AWS VPC that I was going through? Thanks.

I created a new VPC with a public and a private subnet, and then launched two EC2 instances, one into each subnet. I also set up the security group rules required for ping (ICMP) access on the private subnet security group. However, I could not ping the instance in the private subnet from the instance in the public subnet.

Below is the setup:

VPC: (CIDR block 10.0.0.0/16)


Public subnet: (CIDR block 10.0.1.0/24)


Private subnet: (CIDR block 10.0.2.0/24)


Route table for public subnet:


Route table for private subnet:


Security group for public-facing instance:


Security group for private-facing instance: (All ICMP - IPv4 allowed from private subnet CIDR block)


Public-facing EC2 instance launched in public subnet:


Private-facing EC2 instance launched in private subnet:


SSH-ed into the public instance, but then cannot ping the private instance from there:


Additionally, I tried to SSH into the private instance from the public instance (private key already added to the public instance), which also failed:


Thank you very much for your help in advance.

  • Instead of using CIDR in SG of the private instance, what happens if you use SG of the first instance as a source? Commented Jun 2, 2020 at 7:08
  • @Marcin Did a quick test, got the same result. Commented Jun 2, 2020 at 7:18
  • You haven't by any chance set up a firewall on the instance in UserData that could be blocking the connections from the inside? Commented Jun 2, 2020 at 7:27
  • @Marcin no, instances are launched as they are Commented Jun 2, 2020 at 7:55
  • And network ACLs are default? Commented Jun 2, 2020 at 7:56

2 Answers


Finally found the problem: the security group for the public-facing instance is missing an outbound rule. When this is added back, the ping is successful.


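The accepted answer's diagnosis, as an added example that is not part of the original question or answers: security groups are stateful, so a ping from the public instance needs an outbound ICMP rule on the public instance's group and an inbound ICMP rule on the private instance's group; the reply path needs nothing extra. The script below evaluates a flow against two security groups whose rules are written in the shape of `aws ec2 describe-security-groups` output and reports which group and which direction blocks it. The group IDs (`sg-public`, `sg-private`), the instance addresses and the exact rule sets are constructed for the demo and assumed, not taken from the screenshots.

```python
"""Offline check of whether a pair of AWS security groups permits a flow.

A packet src -> dst passes only if the SOURCE group has a matching
OUTBOUND rule and the DESTINATION group has a matching INBOUND rule;
security groups are stateful, so the reply needs no rules of its own.
Group IDs, addresses and rules below are constructed for the demo
(assumptions), not taken from the original page.
"""
import ipaddress


def _proto_matches(rule, protocol):
    # "-1" is the AWS wildcard for "all traffic".
    return rule["IpProtocol"] in ("-1", protocol)


def _port_matches(rule, protocol, port):
    if rule["IpProtocol"] == "-1":
        return True
    lo, hi = rule.get("FromPort", -1), rule.get("ToPort", -1)
    if protocol == "icmp":
        # For ICMP, FromPort carries the ICMP type; -1 means every type/code.
        return lo in (-1, port)
    return lo <= port <= hi


def _peer_matches(rule, peer_ip, peer_sg_id):
    # A rule names the peer by CIDR or by security group membership.
    # (Ipv6Ranges and PrefixListIds are not modelled here.)
    addr = ipaddress.ip_address(peer_ip)
    if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])):
        return True
    return any(p["GroupId"] == peer_sg_id for p in rule.get("UserIdGroupPairs", []))


def side_allows(rules, protocol, port, peer_ip, peer_sg_id):
    """True if any rule in one direction of a group matches the flow."""
    return any(
        _proto_matches(r, protocol)
        and _port_matches(r, protocol, port)
        and _peer_matches(r, peer_ip, peer_sg_id)
        for r in rules
    )


def flow_allowed(src_sg, src_ip, dst_sg, dst_ip, protocol, port):
    """Return (allowed, reason) for one flow src -> dst through two groups."""
    if not side_allows(src_sg["IpPermissionsEgress"], protocol, port,
                       dst_ip, dst_sg["GroupId"]):
        return False, f"{src_sg['GroupId']} has no outbound rule for {protocol}/{port} to {dst_ip}"
    if not side_allows(dst_sg["IpPermissions"], protocol, port,
                       src_ip, src_sg["GroupId"]):
        return False, f"{dst_sg['GroupId']} has no inbound rule for {protocol}/{port} from {src_ip}"
    return True, f"outbound rule in {src_sg['GroupId']} and inbound rule in {dst_sg['GroupId']} match"


def add_egress(sg, rule):
    """Return a copy of sg with one extra outbound rule (the group itself is left unchanged)."""
    fixed = dict(sg)
    fixed["IpPermissionsEgress"] = sg["IpPermissionsEgress"] + [rule]
    return fixed


# Constructed sample mirroring the question's layout: public subnet 10.0.1.0/24,
# private subnet 10.0.2.0/24. Group IDs are placeholders.
SG_PUBLIC_BROKEN = {
    "GroupId": "sg-public",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                       "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "IpPermissionsEgress": [],  # the bug: no outbound rule at all
}
SG_PRIVATE = {
    "GroupId": "sg-private",
    "IpPermissions": [{"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
                       "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
# Least-privilege repair: ICMP only, and only towards the private subnet.
SG_PUBLIC_FIXED = add_egress(SG_PUBLIC_BROKEN, {
    "IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
    "IpRanges": [{"CidrIp": "10.0.2.0/24"}]})
# What "adding the default rule back" gives: all traffic, everywhere.
SG_PUBLIC_DEFAULT_EGRESS = add_egress(SG_PUBLIC_BROKEN, {
    "IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]})

if __name__ == "__main__":
    cases = [("broken, ping", SG_PUBLIC_BROKEN, "icmp", 8),
             ("fixed, ping", SG_PUBLIC_FIXED, "icmp", 8),
             ("default egress, ssh", SG_PUBLIC_DEFAULT_EGRESS, "tcp", 22)]
    for label, sg, proto, port in cases:
        ok, why = flow_allowed(sg, "10.0.1.10", SG_PRIVATE, "10.0.2.10", proto, port)
        print(f"{label}: {'allowed' if ok else 'blocked'} ({why})")
```

The broken group reports the missing outbound rule, the repaired one reports the ping as allowed, and the SSH case shows that restoring the wide-open default outbound rule alone does not help while the private group has no inbound tcp/22 rule. Network ACLs, which the comments ask about, are stateless and are not modelled here; the default ACL allows everything in both directions, so it only matters once it has been customised.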



My solution was to add an inbound rule (on the private instance's security group) with the protocol ICMP (used by the ping command), and I also had to add an outbound rule (on the public instance's security group) with the protocol ICMP.
