How to connect to outside world from amazon vpc?

Backend | Unresolved | 11 | 1179
甜味超标 2020-12-22 15:38

I have an Amazon VPC set up through the wizard as "public only network", so all my instances are in the public subnet.

Instances within VPC that have Elastic IP assigned connect

11 answers
  • 2020-12-22 16:29

    Q. How do instances without EIPs access the Internet?

    Instances without EIPs can access the Internet in one of two ways: Instances without EIPs can route their traffic through a NAT instance to access the Internet. These instances use the EIP of the NAT instance to traverse the Internet. The NAT instance allows outbound communication but doesn't enable machines on the Internet to initiate a connection to the privately addressed machines using NAT, and

    http://aws.amazon.com/vpc/faqs/

    You can find detailed instructions on how to set up a NAT instance here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html

    0 | Discussion (0)
  • 2020-12-22 16:30

    It appears that the only way to get outside from instances that don't have Elastic IP is:

    • add a NAT (Launch an extra m1.small instance from ami-vpc-nat-beta) and assign EIP to it
    • Create an extra subnet which will be "private"
    • Move non-EIP-instances to that private subnet
    • Modify route tables: 0.0.0.0/0 from the private subnet should go to NAT

    So, just adding a NAT is not enough. Instances should be stopped and moved to another IP in another subnet.

    0 | Discussion (0)
  • 2020-12-22 16:30

    You can do it on any instance in your VPC that has an EIP. The few instructions that I described here should help you. BTW: don't forget to disable the source/dest. check.

    0 | Discussion (0)
  • 2020-12-22 16:31

    They have a relatively new product called NAT gateway that does exactly this, creates a managed NAT instance at the edge of your pub/private subnets.

    0 | Discussion (0)
  • 2020-12-22 16:33

    This works for me with:

    • VPC subnet 172.20.0.0/16
    • EC2 "nat" gateway 172.20.10.10 with EIP

    To do:

    • Disable the source/dest. check on your "nat gw"
    • Create a new "nat-sub" subnet, e.g. 172.20.222.0/24
    • Modify route 0.0.0.0/0 to 172.20.10.10 (my nat gw) for "nat-sub"
    • Create an EC2 instance using "nat-sub"
    • On your nat gateway as root, try:

    root@gw:~# sysctl -q -w net.ipv4.ip_forward=1 net.ipv4.conf.eth0.send_redirects=0

    root@gw:~# iptables -t nat -C POSTROUTING -o eth0 -s 172.20.222.0/24 -j MASQUERADE 2> /dev/null || iptables -t nat -A POSTROUTING -o eth0 -s 172.20.222.0/24 -j MASQUERADE

    If it works, add these 2 lines to /etc/rc.local

    0 | Discussion (0)
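The two root commands in the answer above enable forwarding and masquerade the private subnet, but they leave the kernel's FORWARD chain at its default ACCEPT policy, so the NAT host will relay any packet routed through it, not only connections that originate in the private subnet. The script below is an added example, not code from the thread or from AWS: it wraps the answer's sysctl/iptables lines, adds FORWARD rules so only private-to-Internet traffic and its replies are relayed, and refuses a catch-all source CIDR. The subnet 172.20.222.0/24 and interface eth0 are taken from the answer; everything else (function names, the --apply switch, the environment variables) is an assumption of this example. It also covers the private-subnet/route-table steps in the second answer, in that the CIDR given here must be the one whose 0.0.0.0/0 route points at this instance. Disabling the EC2 source/dest. check mentioned in the third answer is an instance attribute set through the AWS API or console, not something the host itself can change.

```shell
#!/bin/sh
# Added example (not from the thread): configure a Linux EC2 instance as a
# NAT for one private subnet, with the FORWARD chain restricted so the box
# only relays connections that originate inside that subnet.
# PRIVATE_CIDR and WAN_IF default to the values used in the answer above;
# both names are assumptions of this example.
PRIVATE_CIDR="${PRIVATE_CIDR:-172.20.222.0/24}"   # the "nat-sub" subnet
WAN_IF="${WAN_IF:-eth0}"                           # interface holding the EIP

# Emit the rule set as shell lines instead of applying it, so it can be
# reviewed (and tested) without root. The -C / || -A pairs keep the script
# idempotent when it is re-run from /etc/rc.local.
nat_rules() {
    cidr="$1"; ifc="$2"
    case "$cidr" in
        */0|"")
            # A /0 source would masquerade and forward traffic from anywhere
            # that can route through this host; refuse it.
            echo "nat_rules: refusing catch-all source CIDR '$cidr'" >&2
            return 1 ;;
    esac
    cat <<EOF
sysctl -q -w net.ipv4.ip_forward=1 net.ipv4.conf.${ifc}.send_redirects=0
iptables -t nat -C POSTROUTING -o ${ifc} -s ${cidr} -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o ${ifc} -s ${cidr} -j MASQUERADE
iptables -P FORWARD DROP
iptables -C FORWARD -i ${ifc} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || iptables -A FORWARD -i ${ifc} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -C FORWARD -o ${ifc} -s ${cidr} -j ACCEPT 2>/dev/null || iptables -A FORWARD -o ${ifc} -s ${cidr} -j ACCEPT
EOF
}

# Sanity check: how many generated rules are scoped to the private subnet.
# Expected 2: the MASQUERADE rule and the outbound FORWARD rule.
count_cidr_rules() {
    nat_rules "$1" "$2" | grep -c -- "-s $1"
}

# Default: print the rules for review. With --apply, run them as root.
case "${1:-}" in
    --apply) nat_rules "$PRIVATE_CIDR" "$WAN_IF" | sh -e ;;
    *)       nat_rules "$PRIVATE_CIDR" "$WAN_IF" ;;
esac
```

Run it without arguments to see the rule set it would install, and with `--apply` as root on the NAT instance once the private subnet's route table sends 0.0.0.0/0 to that instance. The reply-direction rule matches on conntrack state, so inbound connections from the Internet to private addresses are dropped by the FORWARD policy rather than by accident of the security group alone.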