Connectivity issues with dual NIC machine in EC2

Posted by Matt Sieker on Server Fault
Published on 2012-03-23T02:09:47Z Indexed on 2012/03/23 5:31 UTC

I'm trying to get some servers set up in EC2 in a Virtual Private Cloud. To do this, I have two subnets:

10.0.42.0/24 - Public subnet
10.0.83.0/24 - Private subnet

To bridge these two, I have a Funtoo instance with a pair of NICs:

eth0 10.0.42.10
eth1 10.0.83.10

Which has the following routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.83.0       *               255.255.255.0   U     0      0        0 eth1
10.0.83.0       *               255.255.255.0   U     203    0        0 eth1
10.0.42.0       *               255.255.255.0   U     202    0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         10.0.42.1       0.0.0.0         UG    0      0        0 eth0
default         10.0.42.1       0.0.0.0         UG    202    0        0 eth0

An elastic IP is attached to the eth0 interface, and I can connect to it fine remotely. However, I cannot ping anything in the 10.0.83.0 subnet.

For now iptables is not set up on the box, so there are no rules that would get in the way (eventually this will be managed by Shorewall, but I should get basic connectivity done first).

Subnet details from the VPC interface:

CIDR: 10.0.83.0/24  

Destination Target
10.0.0.0/16 local
0.0.0.0/0   [ID of eth1 on NAT box]

Network ACL: Default
Inbound:
Rule #  Port (Service)  Protocol    Source  Allow/Deny
100 ALL ALL 0.0.0.0/0   ALLOW
*   ALL ALL 0.0.0.0/0   DENY

Outbound:
Rule #  Port (Service)  Protocol    Destination Allow/Deny
100 ALL ALL 0.0.0.0/0   ALLOW
*   ALL ALL 0.0.0.0/0   DENY



CIDR: 10.0.83.0/24

Destination Target
10.0.0.0/16 local
0.0.0.0/0   [Internet Gateway ID]

Network ACL: Default
Inbound:
Rule #  Port (Service)  Protocol    Source  Allow/Deny
100 ALL ALL 0.0.0.0/0   ALLOW
*   ALL ALL 0.0.0.0/0   DENY

Outbound:
Rule #  Port (Service)  Protocol    Destination Allow/Deny
100 ALL ALL 0.0.0.0/0   ALLOW
*   ALL ALL 0.0.0.0/0   DENY

I've been trying to work this out most of the evening, but I'm just stuck. I'm either missing something obvious, or am doing something very wrong. I would think I'd be able to ping from either interface on this box without issue.

Hopefully some more pairs of eyes on this configuration will help.

EDIT:

I am an idiot. After I bothered to install nmap to run some more tests, I discovered I can see the ports and connect to them; pings are just being blocked.
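Editor's note, added example (not part of the question above): the routing table in the post is worth checking mechanically before suspecting the kernel, because the duplicate prefixes with different metrics look alarming but do not change the result. The script below parses the `route` output exactly as pasted, does the lookup the way the kernel does (longest prefix, then lowest metric) and reports the duplicated prefixes. The helper names `parse_route_output`, `lookup` and `duplicate_routes` are my own and the routing table is copied from the question as constructed sample input.

```python
from __future__ import annotations

import ipaddress
from typing import NamedTuple, Optional

# Constructed sample input: the `route` output pasted in the question, reproduced
# here so the lookup runs offline. `route` without -n prints symbolic names
# ("default", "loopback", "*"), which the parser maps back to addresses.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.83.0       *               255.255.255.0   U     0      0        0 eth1
10.0.83.0       *               255.255.255.0   U     203    0        0 eth1
10.0.42.0       *               255.255.255.0   U     202    0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         10.0.42.1       0.0.0.0         UG    0      0        0 eth0
default         10.0.42.1       0.0.0.0         UG    202    0        0 eth0
"""

SYMBOLIC = {"default": "0.0.0.0", "loopback": "127.0.0.0"}


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None for directly connected ("*")
    metric: int
    iface: str


def parse_route_output(text: str) -> list[Route]:
    """Parse net-tools `route` output (hypothetical helper, not from the post)."""
    routes: list[Route] = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the banner ("Kernel IP routing table"), the column header and blanks.
        if len(parts) != 8 or parts[0] == "Destination":
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = parts
        network = ipaddress.IPv4Network(f"{SYMBOLIC.get(dest, dest)}/{mask}", strict=False)
        gateway = None if gw == "*" else ipaddress.IPv4Address(gw)
        routes.append(Route(network, gateway, int(metric), iface))
    return routes


def lookup(routes: list[Route], dst: str) -> Optional[Route]:
    """Pick the route the kernel would use for dst: longest prefix first,
    then the lowest metric among routes with the same prefix length."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))


def duplicate_routes(routes: list[Route]) -> dict[tuple[str, str], list[int]]:
    """Report prefixes installed more than once on the same interface
    (differing only in metric), as in the table above. Harmless for the
    lookup, but usually a sign that two sources (e.g. a DHCP client and a
    static config) are both installing routes."""
    seen: dict[tuple[str, str], list[int]] = {}
    for r in routes:
        seen.setdefault((str(r.network), r.iface), []).append(r.metric)
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    table = parse_route_output(ROUTE_OUTPUT)
    for dst in ("10.0.83.50", "10.0.42.1", "8.8.8.8"):
        r = lookup(table, dst)
        via = "directly connected" if r.gateway is None else f"via {r.gateway}"
        print(f"{dst:<12} -> {r.iface} ({via}, {r.network}, metric {r.metric})")
    print("duplicate prefixes:", duplicate_routes(table))
```

Running it shows a 10.0.83.x address leaving eth1 as directly connected and anything outside 10.0.0.0/16 going to 10.0.42.1 on eth0, so the kernel is routing exactly as intended and the duplicated 10.0.83.0/24 and default entries only differ in metric. That matches the EDIT: when TCP connects but ICMP does not, the packets are reaching the target and something is filtering by protocol. The network ACLs shown allow everything in both directions, and iptables is empty, so the remaining per-instance filter in a VPC is the security group, which allows no inbound traffic unless a rule is added and needs an explicit ICMP (echo request) rule before ping will work. Test reachability with a TCP probe to a known open port rather than ping. One further caveat for the box's eventual role as the private subnet's 0.0.0.0/0 target: forwarding on behalf of other hosts also needs net.ipv4.ip_forward enabled and the instance's source/destination check disabled, neither of which affects pings sent from the box itself.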
