
I am new to using EC2 and have a question which hopefully is easy to answer. I have a public IP and DNS and a private IP and DNS for my EC2 instance. From my laptop workstation, I can ping public-IP, no problem. When I ssh to the public-ip from my laptop (ssh ubuntu@public-ip), this takes me to the private-ip prompt (ubuntu@private-ip). I believe the Network Address Translator is coming in the way, translating the public IP to the private IP and ssh'ing me in to the private IP. An ifconfig there shows me the private IP as expected. The problem is that now I cannot ping the laptop IP from the EC2 instance's private IP as expected.

P.S. Here is an excerpt from amazon.com that may be relevant here:

Each instance that receives a public IP address is also given an external DNS hostname; for example, ec2-203-0-113-25.compute-1.amazonaws.com. We resolve an external DNS hostname to the public IP address of the instance outside the network of the instance, and to the private IPv4 address of the instance from within the network of the instance. The public IP address is mapped to the primary private IP address through network address translation (NAT). For more information about NAT, see RFC 1631: The IP Network Address Translator (NAT).

What I want is to be able to ssh to the public IP (the prompt should show ubuntu@public-IP instead of ubuntu@private-IP) so I can ping back and forth between my laptop and the EC2 instance.

Any help is greatly appreciated.

Best, Rohan

maddog2323
  • Why do you want to ping between your laptop and Amazon EC2? Is it just to test connectivity, or are you meeting some business requirement by performing a PING? It is good security practice to restrict the ability to PING because it can give away information that can be used to breach security. – John Rotenstein May 11 '17 at 05:27

2 Answers


The ping issue is unrelated to what you see.

What you see is always -- without exception -- how EC2 works with public IP addresses. The instance is only aware of its own private IP, and the infrastructure handles an automatic 1:1 NAT between private and public addresses.

I touched on this in Why do we need private subnets in VPC?

If you can't ping the laptop, the problem is most likely on the laptop end.

Try to ping 8.8.8.8 from your EC2 instance. Or ping stackoverflow.com. Ping anything that is known to be pingable.

Alternately, use a remote looking glass, like this one to ping your laptop. Does it work?

If pinging from the instance to any destination doesn't work, then the only other explanation that comes to mind is that you might have changed the instance's outbound security group settings without understanding the implications of the change... or you've done something with iptables that wasn't what you intended... but I assume you would have mentioned these.

Michael - sqlbot
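To make the NAT point in the answer above concrete, here is a small script added to this page as an illustration; it is not code from the answer or from Amazon. Offline, it runs against a constructed sample of `ip -o -4 addr show` output and shows that the public address is never configured on the instance's interface, only the private one is. With RUN_LIVE=1 on a real instance it instead fetches local-ipv4 and public-ipv4 from the instance metadata service (IMDSv2 on 169.254.169.254) and runs the "ping something known to be pingable" test the answer recommends. The function names, the RUN_LIVE switch and the sample addresses (172.31.22.15, 203.0.113.25) are my own choices.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). Demonstrates that an EC2
# instance's NIC carries only its private address; the public address exists
# only in the VPC's 1:1 NAT mapping and in instance metadata.
set -eu

# Constructed sample of `ip -o -4 addr show` output from an Ubuntu instance.
SAMPLE_IP_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 172.31.22.15/20 brd 172.31.31.255 scope global dynamic eth0\       valid_lft 2945sec preferred_lft 2945sec'
SAMPLE_PRIVATE_IP=172.31.22.15   # what metadata local-ipv4 would return (assumed)
SAMPLE_PUBLIC_IP=203.0.113.25    # what metadata public-ipv4 would return (assumed, TEST-NET-3)

# addr_configured IP : succeeds if IP is assigned to some interface according
# to the `ip -o -4 addr` text read from stdin.
addr_configured() {
  awk -v want="$1" '
    { for (i = 1; i < NF; i++)
        if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == want) found = 1 } }
    END { exit !found }'
}

# is_rfc1918 IP : prints "yes" if IP is in an RFC 1918 private range, else "no".
is_rfc1918() {
  case "$1" in
    10.*|192.168.*) echo yes ;;
    172.*)
      b=${1#172.}; b=${b%%.*}
      if [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo yes; else echo no; fi ;;
    *) echo no ;;
  esac
}

# nat_report PRIVATE PUBLIC : reads `ip -o -4 addr` text from stdin and prints
# one line per address saying whether it is really configured on the host.
nat_report() {
  addrs=$(cat)
  for ip in "$1" "$2"; do
    if [ "$(is_rfc1918 "$ip")" = yes ]; then kind=private; else kind=public; fi
    if printf '%s\n' "$addrs" | addr_configured "$ip"; then
      echo "$ip: $kind, configured on an interface"
    else
      echo "$ip: $kind, not on any interface (reached only via the VPC's 1:1 NAT)"
    fi
  done
}

# imds_get PATH : IMDSv2 lookup (fetch a session token, then the metadata path).
imds_get() {
  token=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" \
            -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  curl -sS -H "X-aws-ec2-metadata-token: $token" \
       "http://169.254.169.254/latest/meta-data/$1"
}

# ping_check HOST : the answer's test, "ping something known to be pingable".
ping_check() {
  if ping -c 3 -W 2 "$1" >/dev/null 2>&1; then echo "ping $1: ok"; else echo "ping $1: FAILED"; fi
}

if [ "${RUN_LIVE:-0}" = 1 ]; then
  private=$(imds_get local-ipv4)
  public=$(imds_get public-ipv4)
  ip -o -4 addr show | nat_report "$private" "$public"
  ping_check 8.8.8.8               # outbound ICMP: needs egress allowed by the SG and iptables
  if [ $# -ge 1 ]; then
    ping_check "$1"                # your laptop: the laptop side must also answer ICMP echo
  fi
else
  printf '%s\n' "$SAMPLE_IP_ADDR" | nat_report "$SAMPLE_PRIVATE_IP" "$SAMPLE_PUBLIC_IP"
fi
```

Run it without arguments for the offline demonstration, or as RUN_LIVE=1 ./nat_check.sh LAPTOP-IP on the instance. The live mode separates the two questions in the original post: the report shows why the prompt can only ever say ubuntu@private-ip, and the two ping checks tell you whether outbound ICMP works at all (if 8.8.8.8 fails, look at the outbound security group rule and iptables, as the answer says) or only the laptop is unreachable (then the problem is on the laptop's side, or something in front of it that drops ICMP echo).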

For SSH to the private IP you should be in the private network of your VPC; it can be done via VPN.

Shubham Bansal