2

TL;DR TCP traffic was blocked internally, that's why I couldn't do the requests at that time

I'm having some troubles trying to make HTTP / HTTPS requests from a EC2 instance on AWS.

The instance public IP is working, and I can connect via SSH.

IT WORKS When I try to ping or nslookup a domain:

[root@my-instance etc]# ping google.com
PING google.com (172.217.15.110) 56(84) bytes of data.

BUT when I try to curl an url I've got this:

# curl -v https://google.com
* Rebuilt URL to: https://google.com/
*   Trying 172.217.164.174...
* TCP_NODELAY set
*   Trying 2607:f8b0:4004:803::200e...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4004:803::200e: Network is unreachable
*   Trying 2607:f8b0:4004:803::200e...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4004:803::200e: Network is unreachable
*   Trying 2607:f8b0:4004:803::200e...
...

I've got other instances associated to the same VPC and with the same outbound settings, this is the only one which blocks the outgoing requests.

Some details about the network:

Instance Security Group Outbound settings: Security group outbound settings

The Subnet attached is also connected to an Internet Gateway: subnet route settings

And these are the ACL traffic settings (which are the same ACL for other instances) ACL traffic settings

This instance has an Elastic-IP associated and it's on a VPC (which other instances are also connected and the outbound traffic is OK),

I've tried to attach a new security group (a clone from the original) to that instance.

Does anyone has any ideas what's happening?

AndreDurao
  • 135
  • 1
  • 1
  • 8
  • If other instances in the same subnet can do this then it's most likely a problem with the instance. Have you checked iptables? – Tim Mar 07 '19 at 20:46
  • Hi @Tim, iptables rules are all ACCEPT: iptables -S -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT – AndreDurao Mar 07 '19 at 20:53
  • Note also that successfully using `nslookup` or `dig` proves almost nothing, and neither does the ability to get an IP from a hostname using `ping`, because the VPC network is designed in a way that happens to make DNS resolution extremely difficult to break. – Michael - sqlbot Mar 08 '19 at 18:32
  • TCP traffic was blocked internally, that's why I couldn't do those requests; – AndreDurao Mar 11 '19 at 20:51
  • Having the same issue, but cannot understand _TCP traffic was blocked internally_. "Blocked internally" means where: at the unix level? VPC? – esteewhy Apr 18 '19 at 09:45
  • 1
    @esteewhy Did you received any e-mails from AWS with the title "Your Amazon EC2 Abuse Report ..." ? – AndreDurao Apr 18 '19 at 10:26
  • hey @AndreDurao, i know its an old thread - but is there any chance that u still remember what was the exact problem? what does it mean that your _TCP traffic was blocked internally_? – Gonras Karols Oct 08 '22 at 13:14

1 Answers1

0

I believe this error is considered to be temporary. I was able to get it to work by running the same command after some time. You could also try to de-associate/associate your elastic IP and rerun the command.

There're some issues posted on curl repo on github that you might wanna take a look at. Hope it helps!

KareimQ
  • 76
  • 4