
I created my own security group with rules that allow HTTP, HTTPS, SSH over 22, and ICMP. But somehow 'ping public_ip' from my bash is not working.

I know the problem should be either in the NACL or the security group.

NACL inbound rules (standard, I did not change them):

  • 100 - source: 0.0.0.0/0 - All traffic - allow
  • '*' - source: 0.0.0.0/0 - All traffic - deny

Security group rules:

Security group rule ID   IP version   Type              Protocol   Port range   Source
sgr-04d94a952ec860ae0    IPv4         All ICMP - IPv4   ICMP       All          0.0.0.0/0
sgr-024a8c2d7b5d0655b    IPv4         HTTP              TCP        80           0.0.0.0/0
sgr-0850c40886cae6d8e    –            All traffic       All        All          sg-0dfbcaaeddb9d6290 / default
sgr-0d8d763897c3887c1    IPv6         HTTPS             TCP        443          ::/0
sgr-03cd30e21cf350d33    IPv4         SSH               TCP        22           0.0.0.0/0
sgr-00d6311720aeb475f    IPv6         HTTP              TCP        80           ::/0
sgr-09439547961e2f68f    IPv4         HTTPS             TCP        443

Checking with ping does not work: ping 3.209.9.15 -> 'request time out'

Explicit SSH does not work!

ssh -i minikube_keypair.pem ubuntu@ec2-3-209-9-15.compute-1.amazonaws.com
ssh: connect to host ec2-3-209-9-15.compute-1.amazonaws.com port 22: Connection refused
ERJAN
  • Ping is only useful for testing whether Ping works. Rather than using Ping, you should concentrate on getting your _actual_ service to work (eg SSH or HTTP). The fact that you are receiving a `Connection refused` indicates that ssh managed to successfully connect to the instance, but the connection was refused. Add `-vvv` to your command (eg `ssh -vvv ...`) to obtain debug information. It is likely that the keypair is being refused. – John Rotenstein Nov 21 '22 at 08:51
  • Is the EC2 deployed in a public subnet? Just having a public IP doesn't guarantee the route exists for it. – Vikram S Nov 21 '22 at 10:01
  • @JohnRotenstein here's what I got:
    debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Users/erjan/.ssh/known_hosts2'
    debug2: resolving "ec2-52-7-61-134.compute-1.amazonaws.com" port 22
    debug2: ssh_connect_direct
    debug1: Connecting to ec2-52-7-61-134.compute-1.amazonaws.com [52.7.61.134] port 22.
    debug1: connect to address 52.7.61.134 port 22: Connection refused
    ssh: connect to host ec2-52-7-61-134.compute-1.amazonaws.com port 22: Connection refused
    – ERJAN Nov 21 '22 at 15:57

1 Answer

The problem was I deleted the internet gateway.

Do 2 things:

  • Check if you have an internet gateway (if not, create it and attach it to the VPC).
  • Check if the route table attached to your subnet has a rule that uses the internet gateway.

The rule in the route table can look like this:

Destination   Target                  Status   Propagated
0.0.0.0/0     igw-067c712c04da342ee   Active   No
ERJAN
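As an added example that is not part of the original question or answer: the two checks the answer lists, scripted against the JSON shape that `aws ec2 describe-route-tables` and `aws ec2 describe-internet-gateways` return, so the diagnosis can be repeated without clicking through the console. It goes a little beyond the answer by also handling a subnet with no explicit route table association (which falls back to the VPC's main route table) and a default route whose internet gateway has been deleted (AWS marks such a route `blackhole`). Every ID and all three sample subnets below are constructed for illustration; the CLI filters named in the docstring are real.

```python
"""Added example (not from the original post): decide whether a subnet has a
working 0.0.0.0/0 route to an internet gateway that is attached to its VPC.

Real input would come from (real CLI filters; $VPC is your VPC ID):
  aws ec2 describe-route-tables      --filters Name=vpc-id,Values=$VPC --query RouteTables
  aws ec2 describe-internet-gateways --filters Name=attachment.vpc-id,Values=$VPC --query InternetGateways
If the second command prints [], no IGW is attached to the VPC, which is the
failure described in the answer above.
"""

# Constructed identifiers (made up; not from the original post)
VPC_ID = "vpc-0123456789abcdef0"
SUBNET_PUBLIC = "subnet-0aaaaaaaaaaaaaaa1"   # explicit association, working IGW route
SUBNET_PRIVATE = "subnet-0bbbbbbbbbbbbbbb2"  # no association, falls back to the main table
SUBNET_STALE = "subnet-0ccccccccccccccc3"    # default route points at a deleted IGW
RTB_MAIN, RTB_PUBLIC, RTB_STALE = ("rtb-0000000000000000a",
                                   "rtb-0000000000000000b",
                                   "rtb-0000000000000000c")
IGW_OK, IGW_GONE = "igw-00000000000000001", "igw-00000000000000002"

LOCAL_ROUTE = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}

# Constructed sample in the shape of `describe-route-tables` output
ROUTE_TABLES = [
    {"RouteTableId": RTB_MAIN, "VpcId": VPC_ID,
     "Associations": [{"Main": True, "RouteTableId": RTB_MAIN}],
     "Routes": [LOCAL_ROUTE]},
    {"RouteTableId": RTB_PUBLIC, "VpcId": VPC_ID,
     "Associations": [{"Main": False, "SubnetId": SUBNET_PUBLIC}],
     "Routes": [LOCAL_ROUTE,
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW_OK, "State": "active"}]},
    {"RouteTableId": RTB_STALE, "VpcId": VPC_ID,
     "Associations": [{"Main": False, "SubnetId": SUBNET_STALE}],
     # AWS marks a route whose target no longer exists as "blackhole"
     "Routes": [LOCAL_ROUTE,
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW_GONE, "State": "blackhole"}]},
]

# Constructed sample in the shape of `describe-internet-gateways` output; IGW_GONE is absent
INTERNET_GATEWAYS = [
    {"InternetGatewayId": IGW_OK, "Attachments": [{"VpcId": VPC_ID, "State": "available"}]},
]


def route_table_for_subnet(route_tables, subnet_id, vpc_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_igw_route(route_table):
    """The 0.0.0.0/0 route whose target is an internet gateway, if any."""
    for route in route_table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("GatewayId", "").startswith("igw-")):
            return route
    return None


def igw_attached(igws, igw_id, vpc_id):
    """True only if the IGW exists and is attached to this VPC."""
    for igw in igws:
        if igw.get("InternetGatewayId") == igw_id:
            return any(a.get("VpcId") == vpc_id and a.get("State") in ("available", "attached")
                       for a in igw.get("Attachments", []))
    return False


def diagnose(route_tables, igws, vpc_id, subnet_id):
    """Return (reachable_from_internet, reason) for one subnet."""
    rt = route_table_for_subnet(route_tables, subnet_id, vpc_id)
    if rt is None:
        return False, f"{subnet_id}: no route table found in {vpc_id} (not even a main table)"
    route = default_igw_route(rt)
    if route is None:
        return False, f"{rt['RouteTableId']} has no 0.0.0.0/0 route to an igw- target (private subnet)"
    if route.get("State") != "active":
        return False, (f"{rt['RouteTableId']}: default route to {route['GatewayId']} "
                       f"is {route.get('State')} (target deleted?)")
    if not igw_attached(igws, route["GatewayId"], vpc_id):
        return False, f"{route['GatewayId']} is not attached to {vpc_id}"
    return True, f"{rt['RouteTableId']} sends 0.0.0.0/0 to {route['GatewayId']}, attached to {vpc_id}"


if __name__ == "__main__":
    for subnet in (SUBNET_PUBLIC, SUBNET_PRIVATE, SUBNET_STALE):
        ok, why = diagnose(ROUTE_TABLES, INTERNET_GATEWAYS, VPC_ID, subnet)
        print(f"{subnet}: {'OK  ' if ok else 'FAIL'} {why}")
```

The checks run in the order a packet would hit them: find the table that governs the subnet, find its default route, confirm the route is active (a deleted IGW leaves a `blackhole` route behind), then confirm the IGW is attached to the same VPC. Fixing routing only restores reachability; the instance's security group and the subnet's NACL still have to allow the traffic, as the question's ICMP and SSH rules do.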