Link a domain to Amazon lightsail, ubuntu

Question

I'm unable to ping domain name or amazon static ip from the lightsail instance (attached to that static ip)

Bought a domain name (say, test.com) from Google.
Created an Amazon Lightsail ubuntu 16.04 instance & attached a static IP
Enabled firewall on lightsail instance & allowed ports ssh/http/https
DNS settings added on google domain as below

Using google domain name servers

Registered host: www.test.com -> Amazon static ip

Custom resource records: @ -> A -> Amazon static ip

Custom resource records: www -> A -> Amazon static ip

After all the above steps, am able to access test.com from web-browser

Now the issue is, am unable to ping test.com from lightsail instance (the same created in step-2). To add, am able to ping google.com from the same instance. I'm doubting if any route missed.

Can someone guide me here. Many thanks.

score 1 · Answer 1 · answered Nov 15 '17 at 03:37

1

Ping is uses the ICMP protocol, and the Lightsail firewall rules do not have a way to allow that protocol so that instances to be pinged from the Internet -- they only allow TCP and UDP. All outbound traffic is allowed, and the firewall is stateful, so you can ping out but not in.

answered Nov 15 '17 at 03:37

Michael - sqlbot

169,571
25
353
427

Hi Michael - sqlbot Thank you for sharing the info. Am wondering, how ping for google.com is successful, from the same instance. – Gopi Nov 15 '17 at 04:04
You can ping **out** because the firewall is stateful -- it allows the reply because it remembers the request. – Michael - sqlbot Nov 15 '17 at 04:11
As of April 19, 2021, you can now select ICMP as the protocol in Lightsail firewall rules. – Johnny Tisdale Apr 19 '21 at 15:00

score 0 · Answer 2 · answered Oct 08 '19 at 04:51

0

Even it is late, it might be useful for someone. In lightsail just add new rule Allow TCP+UDP 0-65535.

answered Oct 08 '19 at 04:51

Dilshod

147
4
12

You want to allow all ports? – RalfFriedl Oct 08 '19 at 05:13
I couldn't find another way yet. – Dilshod Oct 08 '19 at 05:27
You should explain what your answer does. Imagine someone copying this blindly in a production. – Apr 11 '20 at 17:47
I would discourage this. As of April 19, 2021, you can now select ICMP as the protocol in Lightsail firewall rules. – Johnny Tisdale Apr 19 '21 at 14:59

score 0 · Answer 3 · answered Apr 19 '21 at 14:58

As of April 19, 2021, the protocol options in Lightsail firewall rules now include:

Ping (ICMP)
Custom ICMP
All ICMP

I have successfully got a Lightsail instance to respond to pings by selecting the first option, Ping (ICMP). No port selection is required. I recommend adding an IP restriction for enhanced security, if your use case allows.

Link a domain to Amazon lightsail, ubuntu

3 Answers3