
I have 2 servers: One is a physical server and another is a private EC2 instance in a VPC on AWS. I need to configure this EC2 instance to allow the physical server to connect to it via port 27017 (Mongo's Default Port). Here is what I did so far:

  1. Added the domain for the EC2 instance to the physical server's resolver so that there is DNS resolution.
  2. Added the physical server's public IP to the SGs for the private EC2 instance.

After doing this, the physical server can now resolve the host with its internal IP (the EC2 instance) but I can't telnet to the host on 27017 as it times out. I'm assuming there is some form of routing I have to do. So here is how this private instance is set up:

Private Instance is in a private subnet with a NAT'd gateway attached to it. It does have internet access and the public subnets can obviously talk to it.

What else would I need to consider to allow connectivity between the physical server and the private EC2 instance? I will try to explain this as best as possible:

    VPC-----------------------------------------------
         |                          |
        IGW                    NATd Instance
         |                          |
    Pub Sub (3 pub subnets)    Priv Subnet (3 private subnets)
         |                          |
    Bastion host               3 Mongo Servers, one on each subnet

1 Answer


It sounds like you have an EC2 server in a private subnet, with outgoing internet access via a NAT gateway. This doesn't provide any inbound access, by design of those components. It could also be that you have a single subnet in a VPC that's public, but your question is ambiguous.

Can your EC2 instance ping the physical server, assuming you've opened appropriate firewalls / security groups? I assume so, since it has outgoing internet access.

To solve this you need to put your EC2 instance into a public subnet with an attached internet gateway, or put in some kind of a proxy in the public subnet that is publicly addressable.

If you can clarify your configuration, ideally both with expanding your question and a diagram, I can probably provide more guidance.

  • What about adding an EIP to the instance? Would something like that work? Commented Aug 16, 2017 at 20:20
  • 1
    You should use an elastic IP, but for that to be available publicly you need an internet gateway, not a NAT gateway. As I said, your question is somewhat ambiguous; if you can provide a diagram and disambiguate your question I can provide more help. Commented Aug 16, 2017 at 20:23
  • I did the best i could with providing a rough diagram of my setup. Hopefully that helps. Let me know if there is something specific you need me to add Commented Aug 16, 2017 at 20:28
  • 1
    You need to supply a proper network diagram, or more accurately describe the AWS environment. Right now the question is likely to be closed with "not enough information". My answer is still accurate though, you need to put your server into a public subnet or put in a proxy. Commented Aug 16, 2017 at 20:48
  • 1
    Perhaps you should consider my answer more fully and try to implement it. It shouldn't take very long, and I'm confident it will work. You only need to give more information if it doesn't work. Commented Aug 16, 2017 at 20:54
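The answer and its comments boil down to three conditions that must all hold before a host outside the VPC can open tcp/27017 to the instance: the subnet's default route must go to an internet gateway (a NAT gateway only carries outbound traffic), the instance must have a public or Elastic IP, and a security-group rule must admit the source address on that port. The script below is an added example that is not part of the question or the answer; it encodes those checks over constructed VPC metadata (every subnet, route-table, gateway id and address is a made-up placeholder, and the record shape is a simplification rather than real `aws ec2 describe-*` output). It also goes one step past the thread by flagging a rule that opens the Mongo port to more than the physical server's /32 once the instance becomes publicly addressable. Network ACLs are not modelled.

```python
"""Inbound-reachability check for an EC2 instance, following the answer's reasoning.

Added example, not code from the original question or answer. All ids, CIDRs and
addresses are constructed placeholders; the record layout is a simplification of
what `aws ec2 describe-*` returns, not the real API shape.
"""
import ipaddress

# Constructed route tables: the private subnet defaults to a NAT gateway, the
# public subnet to an internet gateway. Target ids are placeholders.
ROUTE_TABLES = {
    "rtb-private": [
        {"dest": "10.0.0.0/16", "target": "local"},
        {"dest": "0.0.0.0/0", "target": "nat-PLACEHOLDER"},
    ],
    "rtb-public": [
        {"dest": "10.0.0.0/16", "target": "local"},
        {"dest": "0.0.0.0/0", "target": "igw-PLACEHOLDER"},
    ],
}
SUBNET_ROUTE_TABLE = {"subnet-private-a": "rtb-private", "subnet-public-a": "rtb-public"}

MONGO_PORT = 27017


def has_igw_default_route(subnet_id):
    """True when the subnet's route table sends 0.0.0.0/0 to an internet gateway."""
    routes = ROUTE_TABLES[SUBNET_ROUTE_TABLE[subnet_id]]
    return any(r["dest"] == "0.0.0.0/0" and r["target"].startswith("igw-") for r in routes)


def sg_rule_admits(rule, src_ip, port):
    """True when one ingress rule covers this protocol, port and source address."""
    if rule["proto"] not in ("tcp", "-1"):
        return False
    if not (rule["from_port"] <= port <= rule["to_port"]):
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"])


def inbound_reachable(instance, src_ip, port=MONGO_PORT):
    """Return (reachable, blockers, warnings) for a TCP connection from src_ip.

    `blockers` lists every condition that stops the connection, so one run shows
    all the fixes needed rather than only the first one.
    """
    blockers, warnings = [], []
    if not has_igw_default_route(instance["subnet_id"]):
        blockers.append("subnet has no 0.0.0.0/0 route to an internet gateway (NAT is egress-only)")
    if not instance.get("public_ip"):
        blockers.append("instance has no public or Elastic IP that an outside host can address")
    admitting = [r for r in instance["sg_ingress"] if sg_rule_admits(r, src_ip, port)]
    if not admitting:
        blockers.append(f"no security-group ingress rule allows tcp/{port} from {src_ip}")
    # Defender's check: the rule that lets the physical server in should be its
    # /32, not a wider range, once the instance is publicly addressable.
    for r in admitting:
        if ipaddress.ip_network(r["cidr"]).prefixlen < 32:
            warnings.append(f"tcp/{port} open to {r['cidr']}; restrict to the source /32")
    return (not blockers, blockers, warnings)


# Constructed source: the physical server's public IP (documentation range).
PHYSICAL_SERVER_IP = "203.0.113.10"


def mongo_instance(subnet_id, public_ip, cidr):
    """Build a constructed instance record with one tcp/27017 ingress rule."""
    return {
        "subnet_id": subnet_id,
        "public_ip": public_ip,
        "sg_ingress": [{"proto": "tcp", "from_port": MONGO_PORT, "to_port": MONGO_PORT, "cidr": cidr}],
    }


# The asker's situation: private subnet, SG opened to the physical server.
AS_DESCRIBED = mongo_instance("subnet-private-a", None, PHYSICAL_SERVER_IP + "/32")
# The comment's suggestion on its own: an EIP attached while still behind NAT.
EIP_ONLY = mongo_instance("subnet-private-a", "198.51.100.7", PHYSICAL_SERVER_IP + "/32")
# The answer's fix: public subnet with an internet gateway plus an EIP.
FIXED = mongo_instance("subnet-public-a", "198.51.100.7", PHYSICAL_SERVER_IP + "/32")


if __name__ == "__main__":
    for name, inst in (("as described", AS_DESCRIBED), ("EIP only", EIP_ONLY), ("fixed", FIXED)):
        ok, blockers, warnings = inbound_reachable(inst, PHYSICAL_SERVER_IP)
        print(f"{name}: {'reachable' if ok else 'blocked'}")
        for b in blockers:
            print("  blocker:", b)
        for w in warnings:
            print("  warning:", w)
```

Running it shows the asker's setup blocked by two conditions (no internet-gateway route, no public address), the EIP-only variant still blocked by the route, and the public-subnet variant reachable; swapping the /32 for a wide CIDR on the public-subnet case produces the warning instead of a blocker.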
