New AWS EC2 outbound traffic problem?

I have been following a tutorial on LinuxAcademy to set up a VPC and an EC2 instance. I did everything correctly, launched the instance, ssh'd into it, then tried to run a yum update and got this error:

Could not retrieve mirrorlist http://repo.us-east-2.amazonaws.com/latest/main/mirror.list error was
12: Timeout on http://repo.us-east-2.amazonaws.com/latest/main/mirror.list: (28, 'Connection timed out after 5001 milliseconds')


 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Disable the repository, so yum won't use it by default. Yum will then
        just ignore the repository until you permanently enable it again or use
        --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>

     4. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot find a valid baseurl for repo: amzn-main/latest

So I double-checked the following:

  • a public Elastic IP is attached

  • the IGW is set up

  • the public subnet is set up, and the ACL allows all outbound traffic to 0.0.0.0/0

  • the security group allows all outbound traffic

Finally, while looking at these settings I got fed up with the instance, and now when I try to ssh back in it just times out, and I can't ping the IP remotely either.

I also tried rebooting the instance, but that did not help.

Edit: here are my screenshots, plus the diagram from the tutorial I am trying to set up

[Screenshots: sec_g1, sec_g2, sec_g3, NACL1, two further NACL screenshots, and the tutorial diagram (images not included)]

Answer 1

Your problem is in your NACL. You only allow inbound on ports 22/tcp and 80/tcp.

When you make a web connection it goes out on port 80 or 443, but it comes back on a random high port. A security group is stateful and will allow the return connection, but a network ACL will not.

If you allow 1024-65535/tcp, your network connection should work.
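To make the stateless-versus-stateful point in the answer concrete, here is an added example (not code from the answerer or from AWS) that models how a network ACL and a security group each evaluate the yum HTTP fetch. The `AclRule` class, the helper names, and the rule sets are all assumptions constructed for this illustration; the inbound rule set is built to resemble the one described in the answer (only 22/tcp and 80/tcp allowed), and CIDR matching is deliberately omitted because it does not affect the point.

```python
"""Model of AWS network ACL (stateless) vs security group (stateful) handling
of an outbound HTTP connection. Rule sets are constructed for illustration."""
from dataclasses import dataclass
from typing import List


@dataclass
class AclRule:
    number: int        # NACL rules are evaluated in ascending order; first match wins
    action: str        # "allow" or "deny"
    protocol: str      # "tcp", "udp", or "all" (AWS shows "all" as protocol -1)
    port_from: int     # inclusive destination-port range; (0, 65535) means all ports
    port_to: int


def matches(rule: AclRule, protocol: str, port: int) -> bool:
    """True if this rule covers the given protocol and destination port."""
    if rule.protocol not in ("all", protocol):
        return False
    return rule.port_from <= port <= rule.port_to


def nacl_decision(rules: List[AclRule], protocol: str, port: int) -> str:
    """NACL semantics: the lowest-numbered matching rule decides; the implicit
    final '*' rule denies anything no explicit rule matched."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, protocol, port):
            return rule.action
    return "deny"


def yum_over_nacl(inbound: List[AclRule], outbound: List[AclRule],
                  ephemeral_port: int = 49152) -> dict:
    """A NACL has no connection state, so the outbound SYN (dst port 80) and the
    returning SYN-ACK (dst port = the instance's ephemeral source port) are
    checked independently against the outbound and inbound rule lists."""
    out = nacl_decision(outbound, "tcp", 80)
    back = nacl_decision(inbound, "tcp", ephemeral_port)
    return {"outbound": out, "return": back,
            "works": out == "allow" and back == "allow"}


def yum_over_security_group(egress_allows_port_80: bool) -> bool:
    """A security group tracks connection state: once the outbound SYN is
    permitted, the return packets are admitted with no inbound rule at all."""
    return egress_allows_port_80


# Constructed NACL resembling the one in the question: inbound only 22 and 80.
questioner_inbound = [
    AclRule(100, "allow", "tcp", 22, 22),
    AclRule(110, "allow", "tcp", 80, 80),
]
# Constructed outbound list: everything allowed, as the questioner reported.
all_outbound = [AclRule(100, "allow", "all", 0, 65535)]

# The fix from the answer: also allow inbound ephemeral ports 1024-65535/tcp.
fixed_inbound = questioner_inbound + [AclRule(120, "allow", "tcp", 1024, 65535)]

if __name__ == "__main__":
    print("questioner's NACL:", yum_over_nacl(questioner_inbound, all_outbound))
    print("with ephemeral rule:", yum_over_nacl(fixed_inbound, all_outbound))
    print("security group only:", yum_over_security_group(True))
```

Running the block shows the questioner's rule set denying the return packet (so yum times out exactly as in the error above) while the same outbound rules succeed once the 1024-65535/tcp inbound rule is present; the security-group function returns True with no inbound rule, which is the stateful behaviour the answer contrasts it with. When reviewing a real NACL, the same check applies: look for an inbound allow covering the ephemeral range, not just the service ports.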
