Why can't I access the internet from my private subnet on an AWS VPC?
Asked by mlbiam
I used the VPC setup wizard to create a type #2 VPC (public and private subnet). I created a jump box in the public subnet and a server in the private subnet. I can SSH into the jump box and from there into the server running on the private subnet. However, once I'm on the server on the private subnet, I can't get to the internet or run yum. What am I missing? Everything I'm reading says I should be done and able to start accessing the internet from the private subnet without doing anything special to routing tables.
There are 2 answers
Did you perhaps create a new Security Group for the "private server" during launch?
If so, you would have found that, by default, the Security Group for your NAT EC2 instance (created by the Wizard) wouldn't have allowed traffic from the "private server security group" (initially, the NAT instance Security Group only allows inbound traffic from the NAT instance Security Group).
To allow the "private server" to access the internet, one would need to explicitly add the "private server security group" to the NAT Instance Security Group's Inbound rules.
For example:
Private Server 1 EC2 Instance
- VPC = "MyVPCID"
- Security Group = "private server security group"
NAT EC2 Instance
- VPC = "MyVPCID"
- Security Group = "default"
- Inbound: All from "default" <-- there by default
- Inbound: All from "private server security group" <-- add this rule
You should of course also make sure that you have:
- an internet gateway in the route table used by the subnet used by the NAT instance (should have been created by the Wizard)
- a route to the NAT instance in the route table used by the subnet used by the "private server" (should have been created by the Wizard)
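The checks in the answer above (the NAT instance's security group must admit traffic from the private server's security group, the public subnet's route table must send 0.0.0.0/0 to an internet gateway, and the private subnet's route table must send 0.0.0.0/0 to the NAT instance) can be scripted against the JSON that `aws ec2 describe-security-groups` and `aws ec2 describe-route-tables` return. The script below is an added example and is not part of the answer; the group, subnet, instance and gateway IDs in it are constructed placeholders, and the dicts only mimic the shape of the EC2 API responses so that the check runs offline.

```python
"""Offline checker for a NAT-instance VPC layout.

Input dicts mimic the shape of EC2 DescribeSecurityGroups / DescribeRouteTables
responses (as boto3 or `aws ec2 ... --output json` return them). All IDs and
sample data below are constructed for this example, not taken from a real account.
"""
import copy


def sg_allows_from_group(sg, source_group_id, port=None):
    """True if `sg` has an inbound rule sourced from `source_group_id` that covers
    `port` (any port when port is None or the rule's IpProtocol is "-1")."""
    for perm in sg.get("IpPermissions", []):
        sources = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
        if source_group_id not in sources:
            continue
        if perm.get("IpProtocol") == "-1" or port is None:
            return True
        if perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            return True
    return False


def route_table_for_subnet(route_tables, subnet_id):
    """Return the table explicitly associated with `subnet_id`, else the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(rt):
    """Return (kind, id) for the active 0.0.0.0/0 route, or None if there is none."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return ("igw", route["GatewayId"])
        if route.get("InstanceId"):
            return ("instance", route["InstanceId"])
        if route.get("NatGatewayId"):
            return ("natgw", route["NatGatewayId"])
    return None


def diagnose(security_groups, route_tables, *, nat_instance_id, nat_sg_id,
             private_sg_id, public_subnet_id, private_subnet_id):
    """Return a list of findings; an empty list means the layout matches the answer."""
    findings = []
    sgs = {sg["GroupId"]: sg for sg in security_groups}

    nat_sg = sgs.get(nat_sg_id)
    if nat_sg is None:
        findings.append(f"NAT security group {nat_sg_id} not found")
    elif not sg_allows_from_group(nat_sg, private_sg_id):
        findings.append(f"NAT SG {nat_sg_id} has no inbound rule from {private_sg_id}")

    public_rt = route_table_for_subnet(route_tables, public_subnet_id)
    target = default_route_target(public_rt) if public_rt else None
    if not target or target[0] != "igw":
        findings.append(f"public subnet {public_subnet_id}: 0.0.0.0/0 does not point at an internet gateway")

    private_rt = route_table_for_subnet(route_tables, private_subnet_id)
    target = default_route_target(private_rt) if private_rt else None
    if target != ("instance", nat_instance_id):
        findings.append(f"private subnet {private_subnet_id}: 0.0.0.0/0 does not point at NAT instance {nat_instance_id}")

    return findings


# Constructed sample: the Wizard's default, where the NAT SG only admits itself.
SAMPLE_SGS = [
    {"GroupId": "sg-nat0000", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-nat0000"}]}]},
    {"GroupId": "sg-priv0000", "IpPermissions": []},
]
SAMPLE_RTS = [
    {"RouteTableId": "rtb-pub0000",
     "Associations": [{"SubnetId": "subnet-pub0000"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-00000000", "State": "active"}]},
    {"RouteTableId": "rtb-main0000",          # main table; the private subnet has no explicit association
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat00000", "State": "active"}]},
]
IDS = dict(nat_instance_id="i-nat00000", nat_sg_id="sg-nat0000", private_sg_id="sg-priv0000",
           public_subnet_id="subnet-pub0000", private_subnet_id="subnet-priv0000")


def findings_before_fix():
    return diagnose(SAMPLE_SGS, SAMPLE_RTS, **IDS)


def findings_after_fix():
    """Same data after adding the inbound rule the answer recommends."""
    fixed = copy.deepcopy(SAMPLE_SGS)
    fixed[0]["IpPermissions"].append(
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-priv0000"}]})
    return diagnose(fixed, SAMPLE_RTS, **IDS)


if __name__ == "__main__":
    print("before:", findings_before_fix())
    print("after: ", findings_after_fix())
```

To run it against a real VPC, replace the sample lists with the `SecurityGroups` and `RouteTables` arrays from the two describe calls and the placeholder IDs with your own; the private subnet deliberately falls back to the main route table here, because that is where the Wizard puts the NAT route.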
There could be a lot of reasons, because of various configuration errors, but the most common problem is when you neglect to add an internet gateway to your VPC.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html