Question

我有麻木不仁会把我称之为“仅公开网络”,因此我的所有情况都放在公共网。

具有弹性的IP公司在无任何麻烦的情况下与互联网连接的VPC内部的事例。

但是,没有弹性的IP就能够连接任何地方。

互联网门户已经开通。 ole鱼的路线表像

Destination Target 
10.0.0.0/16 local
0.0.0.0/0   igw-nnnnn

内部检查线

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
default         10.0.0.1        0.0.0.0         UG    100    0        0 eth0

我试图在属于某一事件的安保团体中将一切有出入的交通开放至0.00。还是没有成功。

~$ ping google.com
PING google.com (74.125.224.36) 56(84) bytes of data.
^C
--- google.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5017ms

我能做些什么?

Answer 1

看来,从没有弹性的知识产权的情况外出的唯一途径是:

Create a NAT Gateway or NAT instance
- Must be public with an Elastic IP assigned
- NAT Gateways are a newer solution, are recommended by AWS, and are fully-managed (low maintenance).
- NAT instances are an older way, are not recommended by AWS, but are available as a self-managed option that gives you full control. You can launch an extra m1.small instance from ami-vpc-nat-beta
Create an extra subnet which will be "private"
Move non-EIP-instances to that private subnet
Modify route tables: 0.0.0.0/0 from the private subnet should go to NAT

因此,仅仅增加NAT是不够的。应当停止这种情况,从另一个子网转移到另一个IP。

Answer 2

http://docs.amazonwebservices.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html”rel=“noreferer”

Answer 3

<>Q>。为什么没有EIPs进入互联网?

Instances without EIPs can access the Internet in one of two ways Instances without EIPs can route their traffic through a NAT instance to access the Internet. These instances use the EIP of the NAT instance to traverse the Internet. The NAT instance allows outbound communication but doesn’t enable machines on the Internet to initiate a connection to the privately addressed machines using NAT, and

。

You can find detailed instructions on how to setup a nat instance here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html enter image description here

Answer 4

Or create a NAT Instance within the public VPC and add a static route to that NAT instance

路线添加——净额0.00.0.00

where 10.0.0.5 is your nat instance, just make sure your the security group which contains the NAT instance can accept internal traffic from the boxes you require internet access

Answer 5

You can do it on any instance in your VPC, that has EIP. There few instructions that i described here should help you. BTW: don t forget disable source/dest. check

Answer 6

www.un.org/spanish/ecosoc 安保小组——>

*   ALL Traffic ALL     ALL     0.0.0.0/0   Allow

Please allow Outbound, if you want to connect to external servers like google.com or even want to update- sudo apt-get update

你们可以允许使用AWS前端进入安全团体;

确保你选择适当的团体参加你们的协会

Answer 7

他们拥有一个称为NAT网关的相对较新的产品,从而在贵国公共/私人网络的边缘创造了一个经过管理的NAT。

Answer 8

没有EIPs的事例可以以两种方式进入互联网,而没有EIPs的事例则可以通过NAT公司通过互联网进入。这些情况利用国家航空航天局的EIP引向互联网。 NAT案允许有外包通信,但并未使互联网上的机器能够启动与使用NAT的私人机器的联系。

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html>

Answer 9

Did you check the Network ACL on the subnet?

Cross check the security groups for rules.

路线表看重罚款。它应当发挥作用。

Answer 10

这有利于我:

VPC subnet 172.20.0.0/16
EC2 "nat" gateway 172.20.10.10 with EIP

为此:

Set disabled source/dest. check on your "nat gw"
create a new "nat-sub" subnet ex: 172.20.222.0/24
modify route 0.0.0.0/0 to 172.20.10.10 (my nat gw) for "nat-sub"
create a EC2 using "nat-sub"
on your nat gateway as root, try :

root@gw:~# sysctl -q -w net.ipv4.ip_forward=1 net.ipv4.conf.eth0.send_redirects=0

root@gw:~# iptables -t nat -C POSTROUTING -o eth0 -s 172.20.222.0/24 -j MASQUERADE 2> /dev/null || iptables -t nat -A POSTROUTING -o eth0 -s 172.20.222.0/24 -j MASQUERADE

如果它发挥作用,则在/etc/rc. Local中增加2行。

友情链接