
We have an RDS instance that is not publicly accessible. We have a VPN and a VPC with 172.X addresses that connect to it.

In our RDS logs, I'm seeing a LARGE number of failures, which has blocked our instance.

2023-02-01 22:14:05 1351320 [Warning] IP address '100.69.187.97' could not be resolved: Name or service not known
2023-02-01 22:14:05 1351320 [Warning] Access denied for user 'metabase_ro'@'100.69.187.97' (using password: YES)

100.X, not 10.X.

Note that the address 100.69.X.X is part of the IANA shared address space: ISP-to-ISP NAT-type stuff.

https://en.wikipedia.org/wiki/IPv4_shared_address_space

The question I have is: why is one of our servers coming in with an ISP-level IP address? They are supposedly connecting via the Tailscale VPN, but we have no control over that; the Finance folks recently installed it unannounced.

Is it safe to open up the RDS server to an ISP-level IP address, i.e. a 100.%.%.% address?

J. Gwinner
    I think a bit more discovery to work out where the connections are coming from is in order. VPC Flow Logs are annoying to look at but quite effective. – Tim Feb 02 '23 at 00:38
  • Thanks @Tim. I know where they are coming from: someone set up a VPN using Carrier-Grade IP addresses as the client IP address when we connect. This is via Tailscale. I log on and get 100.75.254.62, for example. – J. Gwinner Feb 02 '23 at 21:36
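The script below is an added example, not part of the question or the comments. It parses the MariaDB/MySQL "Access denied" lines of the shape quoted above, counts failures per user and source address, classifies each source as VPC, shared address space (100.64.0.0/10, the range Tailscale hands out), or other, and shows how to express that /10 as a MySQL account host without over-matching. The VPC prefix 172.16.0.0/12 is an assumption (the question only says 172.X), and the sample log lines beyond the two quoted in the question are constructed.

```python
import ipaddress
import re
from collections import Counter

# Address ranges relevant to the post. The VPC prefix is an assumption: the
# question only says "172.X addresses", so RFC 1918 172.16.0.0/12 stands in.
VPC_NET = ipaddress.ip_network("172.16.0.0/12")     # assumed VPN/VPC range
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space

# Matches the "Access denied" line format quoted from the RDS (MariaDB) error log.
ACCESS_DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ \[Warning\] "
    r"Access denied for user '(?P<user>[^']+)'@'(?P<host>[^']+)' "
    r"\(using password: (?P<pw>YES|NO)\)$"
)

# The first two lines are the ones quoted in the question; the rest are
# constructed to exercise the VPC and "other" cases.
SAMPLE_LOG = """\
2023-02-01 22:14:05 1351320 [Warning] IP address '100.69.187.97' could not be resolved: Name or service not known
2023-02-01 22:14:05 1351320 [Warning] Access denied for user 'metabase_ro'@'100.69.187.97' (using password: YES)
2023-02-01 22:14:06 1351321 [Warning] Access denied for user 'metabase_ro'@'100.69.187.97' (using password: YES)
2023-02-01 22:14:07 1351322 [Warning] Access denied for user 'metabase_ro'@'172.31.4.10' (using password: YES)
2023-02-01 22:14:08 1351323 [Warning] Access denied for user 'root'@'203.0.113.9' (using password: NO)
""".splitlines()


def classify(host):
    """Label a source host as 'vpc', 'cgnat', 'other', or 'unparseable'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unparseable"   # a hostname or garbage, not an IP literal
    if ip in VPC_NET:
        return "vpc"
    if ip in CGNAT_NET:
        return "cgnat"
    return "other"


def failures_by_source(log_lines):
    """Count 'Access denied' events keyed by (user, host, classification).

    Name-resolution warnings and any other line shapes are ignored.
    """
    counts = Counter()
    for line in log_lines:
        m = ACCESS_DENIED.match(line.strip())
        if m:
            counts[(m["user"], m["host"], classify(m["host"]))] += 1
    return counts


def mysql_host_for_network(cidr):
    """Return the 'addr/netmask' MySQL account host spec for a CIDR block.

    The '%' wildcard works on the dotted-quad text, so '100.%' matches all of
    100.0.0.0/8, far more than the 100.64.0.0/10 shared space. The
    address/netmask host form (MySQL and MariaDB) expresses the /10 exactly.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address}/{net.netmask}"


if __name__ == "__main__":
    for (user, host, kind), n in sorted(failures_by_source(SAMPLE_LOG).items()):
        print(f"{n:4d}  {user}@{host}  [{kind}]")
    print("account host for the shared /10:", mysql_host_for_network("100.64.0.0/10"))
```

Two things the output makes visible: the failures are concentrated on one CGNAT-range source, which is what to chase in the VPC Flow Logs, and a MySQL account host of `100.%` would admit the whole of 100.0.0.0/8 rather than the /10. Even the exact /10 admits every node on the tailnet (or anything else that can present such a source address), so narrowing to the specific client addresses is the tighter rule.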

0 Answers