Unsolved AWS routing question
-
I have a subnet which has a server with a public facing IP. I added another server to the same subnet with only a private IP. There is no need for this server to have a public IP. I want it to route through the NAT like other subnets.
So I SSH into my new server and realize there is no internet connectivity. I go over to the subnet route tables, where I had configured an Internet Gateway because of the server with a public IP. I tried to add the NAT to the routing table and it failed.
Is there any way to get this system an internet connection through the NAT without changing subnets?
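An added example, not from any participant in this thread, that models the opening post as AWS route tables: it classifies a subnet by its default route, shows why a second 0.0.0.0/0 route is rejected by CreateRoute, and flags an instance with only a private IP sitting in a subnet whose default route is an Internet Gateway (such an instance has no path out, because the IGW only carries traffic for public IPs). The resource IDs, addresses and the describe-* output shape are constructed placeholders.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` /
# `describe-instances` output, cut down to the fields the checks need.
# All IDs and addresses are placeholders, not real resources.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public-EXAMPLE",
     "Associations": [{"SubnetId": "subnet-public-EXAMPLE"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
    {"RouteTableId": "rtb-private-EXAMPLE",
     "Associations": [{"SubnetId": "subnet-private-EXAMPLE"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"}]},
]
INSTANCES = [  # server A has a public IP; server B (the new box) has only a private IP
    {"InstanceId": "i-serverA", "SubnetId": "subnet-public-EXAMPLE", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-serverB", "SubnetId": "subnet-public-EXAMPLE"},
]

def default_route_target(route_table):
    """Target of the 0.0.0.0/0 route (igw-, nat-, i-, ...), or None if there is none."""
    for r in route_table["Routes"]:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return r.get("GatewayId") or r.get("NatGatewayId") or r.get("InstanceId")
    return None

def subnet_kind(route_table):
    """'public' if the default route is an Internet Gateway, 'private' if it is a NAT gateway."""
    target = default_route_target(route_table) or ""
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "isolated" if not target else "other"

def can_add_route(route_table, cidr):
    """CreateRoute rejects a second route for an exact CIDR already in the table (RouteAlreadyExists)."""
    return all(r.get("DestinationCidrBlock") != cidr for r in route_table["Routes"])

def egress_findings(route_tables, instances):
    """Flag instances whose subnet's default route cannot carry their traffic out."""
    by_subnet = {a["SubnetId"]: rt for rt in route_tables for a in rt["Associations"]}
    findings = []
    for inst in instances:
        kind = subnet_kind(by_subnet[inst["SubnetId"]])
        has_public_ip = "PublicIpAddress" in inst
        if kind == "public" and not has_public_ip:
            findings.append((inst["InstanceId"], "no egress: private-only instance in public subnet"))
        elif kind == "private" and has_public_ip:
            findings.append((inst["InstanceId"], "public IP unused: subnet default route is NAT"))
    return findings
```

Because a route table is attached per subnet and can hold only one 0.0.0.0/0 route, the private-only box needs a subnet whose default route points at the NAT gateway.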
-
@IRJ is the server with a public IP running a router?
-
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
-
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
-
Do I understand this correctly? You have a subnet with two different IP ranges on it - one being a public IP, and the other being private?
Whatever device is acting as the router for that subnet would need to understand how to route both of those networks to make that work.
And now for the patented @JaredBusch FFS moment.
-
@Dashrender said in AWS routing question:
Do I understand this correctly? You have a subnet with two different IP ranges on it - one being a public IP, and the other being private?
Whatever device is acting as the router for that subnet would need to understand how to route both of those networks to make that work.
And now for the patented @JaredBusch FFS moment.
No that is not how it works. The Public IPs are attached to NIC not the subnet.
-
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
Yeah, so I am guessing I am better off just putting this box on a new subnet altogether.
-
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
Yeah, so I am guessing I am better off just putting this box on a new subnet altogether.
What you want to do is entirely possible. Just the device with the public IP needs to be set up to route traffic.
-
@IRJ said in AWS routing question:
@Dashrender said in AWS routing question:
Do I understand this correctly? You have a subnet with two different IP ranges on it - one being a public IP, and the other being private?
Whatever device is acting as the router for that subnet would need to understand how to route both of those networks to make that work.
And now for the patented @JaredBusch FFS moment.
No that is not how it works. The Public IPs are attached to NIC not the subnet.
Aww - I see how I misread the post.
The firewall is (I'm assuming) NATing 1:1 for the original server to a real IP, but that server itself has an internal IP for the internal subnet?
You could set up another IP on the firewall that the rest of the traffic flows out from on a many:1 setup.
-
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
Yeah, so I am guessing I am better off just putting this box on a new subnet altogether.
What you want to do is entirely possible. Just the device with the public IP needs to be set up to route traffic.
What I really want to do, which I don't know is possible, is route any requests from its IP to the NAT instead of the internet gateway.
-
If the router device, as JB said, isn't doing a 1:1 NAT for the original server, then yeah, you could use that same IP outbound for everything on the network; you just need to configure for that setup.
-
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
Yeah, so I am guessing I am better off just putting this box on a new subnet altogether.
What you want to do is entirely possible. Just the device with the public IP needs to be set up to route traffic.
What I really want to do, which I don't know is possible, is route any requests from its IP to the NAT instead of the internet gateway.
You want Server A (with public & private) to talk only to Server B (private only)?
-
@Dashrender said in AWS routing question:
@IRJ said in AWS routing question:
@Dashrender said in AWS routing question:
Do I understand this correctly? You have a subnet with two different IP ranges on it - one being a public IP, and the other being private?
Whatever device is acting as the router for that subnet would need to understand how to route both of those networks to make that work.
And now for the patented @JaredBusch FFS moment.
No that is not how it works. The Public IPs are attached to NIC not the subnet.
Aww - I see how I misread the post.
The firewall is (I'm assuming) NATing 1:1 for the original server to a real IP, but that server itself has an internal IP for the internal subnet?
You could set up another IP on the firewall that the rest of the traffic flows out from on a many:1 setup.
Yeah so any traffic not destined for 10.x.x.x is going through an internet gateway which connects through public IP.
-
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
Yeah, so I am guessing I am better off just putting this box on a new subnet altogether.
What you want to do is entirely possible. Just the device with the public IP needs to be set up to route traffic.
What I really want to do, which I don't know is possible, is route any requests from its IP to the NAT instead of the internet gateway.
You want Server A (with public & private) to talk only to Server B (private only)?
Yes, and then I want server B to go out to the internet through the NAT device. I don't want it dependent on Server A in any way.
-
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
Yeah, so I am guessing I am better off just putting this box on a new subnet altogether.
What you want to do is entirely possible. Just the device with the public IP needs to be set up to route traffic.
What I really want to do, which I don't know is possible, is route any requests from its IP to the NAT instead of the internet gateway.
You want Server A (with public & private) to talk only to Server B (private only)?
Yes, and then I want server B to go out to the internet through the NAT device. I don't want it dependent on Server A in any way.
If Server A has no public NIC, then it has to talk to a NAT router someplace. You only have Server A and Server B. So where is the NAT happening?
-
-
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
Yeah, so I am guessing I am better off just putting this box on a new subnet altogether.
What you want to do is entirely possible. Just the device with the public IP needs to be set up to route traffic.
What I really want to do, which I don't know is possible, is route any requests from its IP to the NAT instead of the internet gateway.
You want Server A (with public & private) to talk only to Server B (private only)?
Yes, and then I want server B to go out to the internet through the NAT device. I don't want it dependent on Server A in any way.
If Server A has no public NIC, then it has to talk to a NAT router someplace. You only have Server A and Server B. So where is the NAT happening?
Right - I'm trying to see if you have a multi-homed machine (i.e. two NICs - one plugged into the internet, and one plugged into the internal subnet), or do you have two IPs assigned to the same NIC in Server A?
-
@Dashrender said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
Yeah, so I am guessing I am better off just putting this box on a new subnet altogether.
What you want to do is entirely possible. Just the device with the public IP needs to be set up to route traffic.
What I really want to do, which I don't know is possible, is route any requests from its IP to the NAT instead of the internet gateway.
You want Server A (with public & private) to talk only to Server B (private only)?
Yes, and then I want server B to go out to the internet through the NAT device. I don't want it dependent on Server A in any way.
If Server A has no public NIC, then it has to talk to a NAT router someplace. You only have Server A and Server B. So where is the NAT happening?
Right - I'm trying to see if you have a multi-homed machine (i.e. two NICs - one plugged into the internet, and one plugged into the internal subnet), or do you have two IPs assigned to the same NIC in Server A?
One NIC with two assigned IPs
-
@IRJ said in AWS routing question:
@Dashrender said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ said in AWS routing question:
@JaredBusch said in AWS routing question:
@IRJ is the server with a public IP running a router?
Nope
Then that is your problem. It has no idea what to do with these requests coming in from the other machine.
Yeah, so I am guessing I am better off just putting this box on a new subnet altogether.
What you want to do is entirely possible. Just the device with the public IP needs to be set up to route traffic.
What I really want to do, which I don't know is possible, is route any requests from its IP to the NAT instead of the internet gateway.
You want Server A (with public & private) to talk only to Server B (private only)?
Yes, and then I want server B to go out to the internet through the NAT device. I don't want it dependent on Server A in any way.
If Server A has no public NIC, then it has to talk to a NAT router someplace. You only have Server A and Server B. So where is the NAT happening?
Right - I'm trying to see if you have a multi-homed machine (i.e. two NICs - one plugged into the internet, and one plugged into the internal subnet), or do you have two IPs assigned to the same NIC in Server A?
One NIC with two assigned IPs
So the router that's on that 'subnet' is only aware of the Public IP range info, I'm guessing - right? The router doesn't know about 10.x.x.x, even though that data is on the wire. You'd need to make the router also one NIC with two IPs, then set up NAT routing out.
-
Thanks @JaredBusch for reminding me to look at the OP - this is AWS.... so ...