EC2 instances not responding to internal ping - networking

I wrote a script that launches several Amazon instances with the same security group, the default one, with ICMP and all TCP/UDP connections allowed... so no firewall problem.
I am running an Ubuntu 11.4 64-bit AMI, which works fine.
Usually, among the batch of machines I launch, some do not respond to any ping or telnet connection. They can ping other machines but cannot be pinged. The other machines can ping each other in both directions without any problem, but usually one or two just don't respond to any ping. There is no difference in the way I launch them, so I don't understand where this bug comes from...
How can I avoid this problem and recover from it without restarting the EC2 instance?
Thanks a lot, tender developers :D.

Try this:
Log into AWS account.
Click on Security Groups. Choose the required security group.
Click on the Inbound tab.
Create a new rule:
Custom ICMP rule
Type: Echo request
Source: 0.0.0.0/0
0.0.0.0 will allow everyone to ping your server. You can specify your own addresses if you want.

Assuming all the instances you launch have the same security group and the same AMI, you need to contact Amazon about this.
https://forums.aws.amazon.com/thread.jspa?threadID=22640

Related

Aws ec2 - Unable to consume http server from a different machine on the same network

Followed this tutorial to set up two EC2 instances: "Creation of two EC2 instances and how to establish ping communication" (YouTube).
The only difference is that I used a Linux image.
I set up a simple Python HTTP server on one machine (on port 8000). But I cannot access it from my other machine; whenever I curl, the program just waits. (It might eventually time out, but I wasn't patient enough to witness that.)
However, the workaround, I figured, was that you have to add a port rule via the security group. I do not like this option since it means that the port (on the machine that hosts the web server) can be accessed from the internet.
I was looking for an experience similar to what people usually have at home with their routers: machines connected to the same home router can reach other machines on any port (provided the destination machine has some service hosted on that port).
What is the solution to achieve something like this when working with EC2?
The instance is open to the internet because you are allowing access from '0.0.0.0/0' (anywhere) in the inbound rule of the security group.
If you want communication to be allowed only between the instances and not from the public internet, you can achieve that by assigning the same security group to both instances and modifying the inbound rule in the security group to allow all traffic, or ICMP traffic, sourced from the security group itself.
You can read more about it here:
AWS Reference
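The two answers above differ in the source of the ICMP rule: 0.0.0.0/0 admits echo requests from the whole internet, while a rule whose source is the security group itself admits only members of that group. That distinction can be audited from the JSON that `aws ec2 describe-security-groups` returns. The following is an added example, not code from any of the posts; the group IDs and the JSON document are constructed sample data in the same shape as the CLI's output.

```python
"""Audit which sources may send ICMP echo requests to each security group."""
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "default", "IpPermissions": [
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "internal", "IpPermissions": [
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bbb"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
]})


def echo_request_allowed(perm):
    """True if this permission admits ICMP echo requests (type 8).

    For ICMP rules AWS stores the ICMP type in FromPort and the code in
    ToPort; -1 means "any". Protocol "-1" is the all-traffic rule.
    """
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "icmp":
        return False
    return perm.get("FromPort", -1) in (-1, 8)


def icmp_sources(groups_json):
    """Map GroupId -> list of sources allowed to ping members of the group.

    A source is "internet" for 0.0.0.0/0, "self" for the group itself,
    otherwise the CIDR or the referenced group id. An empty list means
    ping is blocked, which is the default state of a new group.
    """
    result = {}
    for sg in json.loads(groups_json)["SecurityGroups"]:
        sources = []
        for perm in sg["IpPermissions"]:
            if not echo_request_allowed(perm):
                continue
            for r in perm.get("IpRanges", []):
                sources.append("internet" if r["CidrIp"] == "0.0.0.0/0" else r["CidrIp"])
            for pair in perm.get("UserIdGroupPairs", []):
                sources.append("self" if pair["GroupId"] == sg["GroupId"] else pair["GroupId"])
        result[sg["GroupId"]] = sources
    return result


if __name__ == "__main__":
    for gid, srcs in icmp_sources(SAMPLE).items():
        print(gid, srcs or "ping blocked")
```

Feeding the real CLI output into `icmp_sources` lists every group where "internet" appears, which is the case the second answer warns about.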

Losing Synergy connection to server with VPN

I'm using a Cisco client to connect to a VPN but also using Synergy (Symless) to connect to the machine. It works fine initially but will drop out after machine sleep (or sometimes seemingly randomly), then I have to restart the VPN connection. Not the end of the world, but it is irritating.
Are there any config changes I can make to the network settings, VPN or Synergy to stop this dropping out?
Found this, which I hope will fix it.
https://blog.lan-tech.ca/2013/02/21/access-local-and-vpn-network-simultaneously/
"You just need to add the local devices to the Windows routing tables so that it knows to access them when the VPN is active.
See the Windows “route” command, e.g. route -p add MASK 255.0.0.0 METRIC IF
To help discover what you need to use, disconnect from your VPN, make sure you can connect to your local device, then run “route print” to show the current active routes and find your device (generally in the IPv4 Route Table).
It will also list the ‘Metric’ to use, and at the top of the listing is the “Interface List”, which lists the network interfaces on your system. You’ll need to figure out which one to use. For example, I know my system has a gigabit network adapter and in the list I see an “Intel(R) Gigabit Network Connection” – bingo – that’s it. The first column is the interface id, 49 in my case.
The “-p” option makes your configuration persistent – meaning that it will be there again next time you boot.
So, as an example, let’s say I want a local network share at 192.168.1.43 to be accessible to my machine while connected to the VPN, so I would add the route like so:
route -p add 192.168.1.43 MASK 255.0.0.0 192.168.1.1 METRIC 15 IF 49
Now if I run route print, I see this new route in the list of persistent routes for IPv4.
I turn my VPN back on, and instead of the device ‘disappearing’ as it normally does, Windows can still find it because it is in the persistent route list."

Gcloud instance can't ping another one

I have 2 instances running on Compute Engine; although the documentation says that I'm able to ping and establish communication between these VMs, I can't. I've tried pinging with the VM name and with the IPv4 address. I also tried to configure a new work-group for both VMs, and nothing.
Here's the link: https://cloud.google.com/compute/docs/vm-ip-addresses
"If you are communicating between instances in the same network, you can send packets to an instance using the instance name, and the network automatically resolves the name to the internal IP address of the instance."
My VMs' configuration:
Both are in the same network.
I even turned off the firewalls.
But no connection between them at all.
Has anyone run into the same? Does someone know what is going on?
How do I solve this issue?
This is due to firewall rules. You need to add the allow-icmp network tag in the Network tags section of the instance's edit page.
You can create new network tags to open up new ports/protocols in the VPC Network > Firewall rules section:
EDIT 1:
Please note that the 0.0.0.0/0 subnet used on the screenshot above opens up the ports to the entire internet and I only used it for demonstration purposes to avoid sharing my IPs. I would STRONGLY advise against using that subnet for firewall rules in a production environment. The internet is a dark and scary place.
This happens to us from time to time: suddenly our 2 instances cannot reach each other through the API or even ping, even though we haven't changed any firewall rules or anything. I guess it's some GCloud glitch.
Nothing we have tried works, except for restarting the instances; then everything works again. So, if anyone has the same and nothing seems to help, I suggest, as a last resort, rebooting the instances.
Each network in Google Compute Engine has its own firewall configuration which by default will block incoming traffic to your VM. See the firewall documentation to see how the default network is configured and how to apply similar rules to your custom network.
Be sure the firewall rules include the GCE subnet. In your case, it would mean that 10.10.0.0/24 has icmp allowed.
I'm not sure why the firewall rules apply within the network subnet, but apparently they do.
If you did not change the network and/or firewall rules and use the default network and firewall rules, then simply edit the hosts file (open hosts on all VMs, copy the hosts line for each VM and add all the other VMs) and then try ping. I have tried the same between three CentOS instances and it works.
Make sure you restart the network on the VMs in order for it to work fine.
This helped me pretty well.

Azure VMs don't ping

I'm facing a strange problem in Azure. I have 3 VMs (Domain Controller, Application Server and Database Server). I've joined the 2 servers correctly to the Domain Controller.
After a while I discovered that I'm not able to ping from one of the servers (DB Server) to the other servers. It replies "Destination host unreachable" and the connection times out.
The other 2 servers are working fine between each other, but not the third one.
To investigate I tried:
1. Shutting down the firewall on the 3 machines. No luck.
2. Enabling the ping rule in the firewall. No luck.
3. I'm not able to telnet from this server to the RDP port of any of these servers, while I'm able to do so from the other 2 servers.
4. I tried the nslookup command to see if I can communicate with the DNS server or not. It fails with a timeout.
Keeping in mind that:
1. The 3 virtual machines are in the same virtual network and the same subnet.
2. I've added the DNS server to the DNS Servers in the Azure Portal.
Any help?!
Sounds like perhaps you have a machine that's not registered with the DNS server. You should be able to check this by doing an nslookup -all to get details on the machine's DNS settings. Make sure it's resolving to the proper DNS machine.
It seems that the Public Endpoints are in a down state, so telnet and ping won't work. You can try to recover this machine by following the steps in this blog post: http://blogs.msdn.com/b/mast/archive/2014/11/20/recovering-azure-vm-by-attaching-os-disk-to-another-azure-vm.aspx
Hope that helps.

EC2 instance drops ICMP packets. How to measure the latency?

I am trying to measure the latency between one of my machines and an EC2 instance. EC2 instances cannot be pinged, so I tried using application-level timestamps (using gettimeofday()). I send a TCP packet with a timestamp in the payload.
Upon receiving this packet, I take the timestamp on my machine and obtain the difference. It always comes out negative. My guess was that the clocks on the two machines could be skewed, so I used NTP to synchronize both machines, but the problem still persists.
Can someone please help?
EC2 instances can be pinged, if configured to allow it. I set one up for this today while trying to track down packet drops in us-west-2. In the security group protecting the instance, you add a rule to permit "ICMP Echo Request" from the source address of the machine where you're originating the ping.
See the AWS FAQ for this quote:
"Why can't I ping my instance? Ping uses ICMP ECHO, which by default is blocked by your firewall. You'll need to grant ICMP access to your instances by updating the firewall restrictions that are tied to your security group."
ec2-authorize default -P icmp -t -1:-1 -s 0.0.0.0/0
Check out the latest developer guide for details.
Section: Instance Addressing and Network Security -> Network Security -> Examples
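The negative differences in the question come from subtracting a timestamp taken on one host's clock from one taken on another's; NTP typically keeps clocks within milliseconds of each other, which is the same order as the delay being measured, so the sign can flip. A round trip timed entirely on the sender's own monotonic clock needs no synchronisation at all. The following added example (not from any of the posts) does that over TCP; the loopback echo server standing in for the remote EC2 instance, and the probe payload size, are assumptions so it runs offline.

```python
"""Measure TCP round-trip latency using only the local clock."""
import socket
import threading
import time


def echo_server(listener):
    """Accept one connection and echo every payload back unchanged.
    Stands in for the remote EC2 instance (assumption for the demo)."""
    conn, _ = listener.accept()
    with conn:
        while True:
            data = conn.recv(64)
            if not data:
                break
            conn.sendall(data)


def measure_rtt(host, port, samples=5):
    """Median round-trip time in ms, timed on the local monotonic clock only,
    so clock skew between the two hosts cannot make the result negative."""
    rtts = []
    with socket.create_connection((host, port)) as c:
        c.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)  # send each probe at once
        for i in range(samples):
            payload = f"probe-{i:04d}".encode().ljust(16)   # fixed 16-byte probe
            sent = time.perf_counter()
            c.sendall(payload)
            got = b""
            while len(got) < len(payload):                  # wait for the full echo
                chunk = c.recv(len(payload) - len(got))
                if not chunk:
                    raise ConnectionError("peer closed before echoing the probe")
                got += chunk
            rtts.append((time.perf_counter() - sent) * 1000.0)
    rtts.sort()
    return rtts[len(rtts) // 2]


def run_local_demo():
    """Start the stand-in echo server on loopback and probe it; returns ms."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # constructed: any free loopback port
    listener.listen(1)
    threading.Thread(target=echo_server, args=(listener,), daemon=True).start()
    try:
        return measure_rtt("127.0.0.1", listener.getsockname()[1])
    finally:
        listener.close()


if __name__ == "__main__":
    print(f"median RTT to loopback: {run_local_demo():.3f} ms")
```

Against a real instance, point `measure_rtt` at a TCP echo service on the remote host; half the median RTT is the usual one-way estimate, without any dependency on NTP.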
