0

I am trying to setup 2 web instances in a private network and put an internet facing load balancer infront of my two instances.

This is what i want to achieve:

  1. The 2 private instance should be able to access resources on the internet. But the internet shouldn't be able to access the instances directly.

  2. These 2 instances should only be accessible via port 80 from the load balancer from the internet.

The reason why i want to do this is because i don't want to expose these two servers on the internet.

  1. So i've created a VCN with CIDR block 10.15.0.0/16
  2. My two private subnets are 10.15.1.0/24 and 10.15.2.0/24 respectively.
  3. My public subnet is 10.15.100.0/24
  4. Instance A is hosted on private subnet1 and Instance B is hosted on private subnet 2
  5. My Network Load Balancer is hosted in the public subnet.
  6. I've added a route in my public subnet that routes 0.0.0.0/0 traffic to my internet gateway
  7. I've added a route in my private subnets that routes 0.0.0.0/0 traffic to my NAT gateway

In the route table for subnet1 i have added a route to InstanceB

In the route table for subnet2 i have added a route to InstanceA

In the route table for public subnet i have added both a route to InstanceA and InstanceB

I have nginx hosted on both Instances.

From the instance i can ping 8.8.8.8 but from the outside i can't access the webpage using the load balancer's public IP.

A telnet to public_ip 80 works fine though. I tried to access the webpage from a browser and even did a curl but no success.

Is there something i did wrong ?

P.S i am doing these in OCI cloud

Improve this question
3
  • use a vlans, a firewall, the simple things that a Business environment Administratior usual do. Home and end-user computing questions are off topic on serverfault.com but might be on topic on superuser.com Commented Apr 3, 2024 at 5:28
  • This is not home computing. My instances are on Oracle Cloud Infrastructure Commented Apr 3, 2024 at 5:55
  • You provide a lot of detail about your network setup, but you provide no details at all over the one thing that is not working, your network load balancer. That the load balancer is listening on port 80 is a start, but that doesn't mean that is configured correctly with a pool your back-end servers, or that is has ports in the network segments you have created with your web servers. Start checking that config. - In addition usually all web servers will share a single network segment and people typically don't place each server in its own different / dedicated subnet/network segment. Commented Apr 4, 2024 at 8:56

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.