
An EC2 instance from a RHEL AMI (I haven't checked any other) only has the private address assigned to it.

i.e. ip addr yields:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
    valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:6d:c3:86:ce:e0 brd ff:ff:ff:ff:ff:ff
    inet 172.39.16.198/20 brd 172.39.31.255 scope global eth0
    inet6 fe80::6d:c2ff:fe86:cee0/64 scope link 
    valid_lft forever preferred_lft forever

The public IP is working and the machine can be reached through it. It can access the internet via the VPC's gateway.

But how do I make sure the interface has the public IP, so outgoing packages actually contain the correct IP? This is necessary for ipsec to work properly.

Rico
  • 2,305
aep
  • 207

1 Answer


Well, you can't explicitly assign public IPs to an AWS instance at the OS level. Amazon has their datacenter behind a firewall(s) and the instances all have private IP addresses that are being NATed to a public IP.

So to the outside they look like a public IP, but internally they have their private IPs. If you are trying to get to your instance from the outside, using the public IP should be enough to get to it, as it maps directly to the private IP of your instance.

Now, if you have an IPsec tunnel set up directly to your instance, I believe the outgoing packets will have the tunnel IP address attached to your instance.

Rico
  • 2,305
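
The mapping described in the answer above can be checked from the instance itself. The following is an added example, not part of the original question or answer: it parses the `ip addr` output posted in the question and reports whether a given public address is configured on an interface or is only present through NAT. The public address `203.0.113.10` is a constructed placeholder and all function names are hypothetical.

```python
import ipaddress
import re

# Output of `ip addr` as posted in the question.
IP_ADDR_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:6d:c3:86:ce:e0 brd ff:ff:ff:ff:ff:ff
    inet 172.39.16.198/20 brd 172.39.31.255 scope global eth0
    inet6 fe80::6d:c2ff:fe86:cee0/64 scope link
    valid_lft forever preferred_lft forever
"""

# Constructed placeholder (documentation range); the page does not give the real public IP.
EXAMPLE_PUBLIC_IP = "203.0.113.10"

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")                      # "2: eth0: <...>"
ADDR_RE = re.compile(r"^\s+(inet6?)\s+(\S+)\s.*\bscope\s+(\S+)")  # "inet a.b.c.d/nn ... scope global"


def parse_ip_addr(text):
    """Return (interface, ip_interface, scope) tuples found in `ip addr` text."""
    found, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ADDR_RE.match(line)
        if m and iface:
            found.append((iface, ipaddress.ip_interface(m.group(2)), m.group(3)))
    return found


def global_addresses(text):
    """Addresses with scope global, i.e. the ones used as packet source addresses."""
    return [(i, str(a.ip)) for i, a, scope in parse_ip_addr(text) if scope == "global"]


def behind_nat(text, public_ip):
    """True when public_ip is not configured on any local interface."""
    public = ipaddress.ip_address(public_ip)
    return all(a.ip != public for _, a, _ in parse_ip_addr(text))


if __name__ == "__main__":
    print("source addresses:", global_addresses(IP_ADDR_OUTPUT))
    print("public IP only via NAT:", behind_nat(IP_ADDR_OUTPUT, EXAMPLE_PUBLIC_IP))
```
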