I have a VPC with 3 subnets. The main subnet, which I use as my DMZ, is the only one with internet access. So far so good, so to speak. AWS problems are countless, so I decided to create a virtual machine just for my servers to access internet and name resolving, because routing tables and other stuff from Amazon VPC just sucks hard. So, a virtual machine to do this work AS IT SHOULD is likely a solution. So, as a sysadmin, I created this machine, with two NICs (for each subnet), and it is accessible from my workstation. The problem is: this server can't access anything outside the VPC network, even with its default route being my IGW, UNLESS I have an external IP address attached to it. Well, MY VPC ALREADY HAS an external IP address (two, to be more specific), so why should this machine need one?
We do not use DHCP settings; we do use static IP and route settings.
We are currently running CentOS for all the servers.
Thanks for your help!
Code:
$ ssh quesh # the ec2 server
Last login: Wed Sep 3 12:12:12 2014 from 10.1.1.2 # hi, my internal ip address
[root@quesh ~]# ifconfig
eth0 Link encap:Ethernet HWaddr
inet addr:10.2.0.76 Bcast:10.2.0.255 Mask:255.255.255.0
inet6 addr: fe80::ec:f7ff:fe94:9b87/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:101 errors:0 dropped:0 overruns:0 frame:0
TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3672 (3.5 KiB) TX bytes:4428 (4.3 KiB)
Interrupt:247
eth1 Link encap:Ethernet HWaddr
inet addr:10.2.1.76 Bcast:10.2.1.255 Mask:255.255.255.0
inet6 addr: fe80::8a:83ff:fe27:9d38/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:456 errors:0 dropped:0 overruns:0 frame:0
TX packets:228 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34279 (33.4 KiB) TX bytes:30537 (29.8 KiB)
Interrupt:246
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@quesh ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.2.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.2.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.1.0.0 10.2.1.1 255.255.0.0 UG 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 # don't know, don't care
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1 # don't know, don't care
0.0.0.0 10.2.0.1 0.0.0.0 UG 0 0 0 eth0
[root@quesh ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5366ms
[root@quesh ~]# ping 10.1.0.1 # the router from far-far-away
PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.
64 bytes from 10.1.0.1: icmp_seq=1 ttl=63 time=14.3 ms
64 bytes from 10.1.0.1: icmp_seq=2 ttl=63 time=14.4 ms
^C
--- 10.1.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1749ms
rtt min/avg/max/mdev = 14.332/14.408/14.484/0.076 ms
[root@quesh ~]# ping 10.2.0.200 # a 10.2.0.0/24 server
PING 10.2.0.200 (10.2.0.200) 56(84) bytes of data.
64 bytes from 10.2.0.200: icmp_seq=1 ttl=64 time=1.98 ms
64 bytes from 10.2.0.200: icmp_seq=2 ttl=64 time=0.415 ms
^C
--- 10.2.0.200 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1301ms
rtt min/avg/max/mdev = 0.415/1.197/1.980/0.783 ms
[root@quesh ~]# ping 10.2.1.10 # a 10.2.1.0/24 server
PING 10.2.1.10 (10.2.1.10) 56(84) bytes of data.
64 bytes from 10.2.1.10: icmp_seq=1 ttl=64 time=1.07 ms
64 bytes from 10.2.1.10: icmp_seq=2 ttl=64 time=0.573 ms
^C
--- 10.2.1.10 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1901ms
rtt min/avg/max/mdev = 0.573/0.822/1.071/0.249 ms
[root@quesh ~]# # attaching external ip address to 10.2.0.76
[root@quesh ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=2.29 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=59 time=2.25 ms
^C
Public IP addresses enable communication over the Internet, while private IP addresses enable communication within the network of the instance (either EC2-Classic or a VPC).[1]
But that's why we use NAT. It's not practical to use a public IP address for every one of our servers.
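Added example, not part of the thread: on AWS the internet gateway translates addresses only for instances that have a public or Elastic IP, so a NAT box like the one described needs one itself (with its source/destination check disabled) and then masquerades for the private subnets. The script below checks the host-side prerequisites from captured command output; the function name, finding labels and sample inputs are constructed for illustration, using the interface and subnet shown in the post.

```shell
#!/bin/sh
# Offline check of what a Linux NAT box needs on the host side.
# Typical fixes when a finding is reported (run as root on the NAT box):
#   sysctl -w net.ipv4.ip_forward=1
#   iptables -t nat -A POSTROUTING -s 10.2.1.0/24 -o eth0 -j MASQUERADE

# nat_findings IP_FORWARD NAT_RULES ROUTES OUT_IF   (hypothetical helper)
#   IP_FORWARD: contents of /proc/sys/net/ipv4/ip_forward
#   NAT_RULES:  output of `iptables-save -t nat`
#   ROUTES:     output of `route -n`
#   OUT_IF:     interface facing the internet gateway (eth0 in the post)
# Prints one finding per line, or "ok" when nothing is missing.
nat_findings() {
    ip_forward=$1 nat_rules=$2 routes=$3 out_if=$4
    findings=""
    # 1. The kernel must forward packets between the two NICs.
    [ "$ip_forward" = "1" ] || findings="${findings}ip_forward_disabled
"
    # 2. Traffic leaving OUT_IF must be rewritten to the box's own address.
    printf '%s\n' "$nat_rules" |
        grep -Eq -- "^-A POSTROUTING .*-o $out_if .*-j (MASQUERADE|SNAT)" ||
        findings="${findings}no_masquerade_on_$out_if
"
    # 3. The default route must leave through OUT_IF (column 8 of `route -n`).
    printf '%s\n' "$routes" |
        awk -v i="$out_if" '$1=="0.0.0.0" && $3=="0.0.0.0" && $8==i {f=1}
                            END {exit !f}' ||
        findings="${findings}no_default_route_via_$out_if
"
    if [ -z "$findings" ]; then echo ok; else printf '%s' "$findings"; fi
}

# Constructed sample input: the default route line from the post, an assumed
# "nothing configured yet" state, and the state after the two fixes above.
sample_routes='0.0.0.0 10.2.0.1 0.0.0.0 UG 0 0 0 eth0'
sample_rule='-A POSTROUTING -s 10.2.1.0/24 -o eth0 -j MASQUERADE'
printf 'before:\n%s\n' "$(nat_findings 0 '' "$sample_routes" eth0)"
printf 'after: %s\n' "$(nat_findings 1 "$sample_rule" "$sample_routes" eth0)"
```

Keeping the public address on this one box means the servers in the other subnets stay unreachable from the internet while still getting outbound access through it.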