
I am using two public subnets in two availability zones, and then two private subnets in those same availability zones. I have an elastic load balancer that forwards traffic to my EC2 instances in the private subnets.

I have a bastion server in the public subnet and that is how I can reach the instances in the private subnets.

I can SSH to the bastion server, SSH into the servers from there on the private subnets, and on those servers I can successfully run sudo yum update, my load balancer can talk to them, etc, BUT I cannot git pull from Bitbucket (it just hangs)...

I even tried updating the Network ACL on the private subnets to allow all traffic and that didn't work either, so the issue appears to not be the Network ACL.

EDIT: I forgot to mention that I have NAT Gateways configured and I can make HTTP and HTTPS requests to the outside world from my private subnet...

EDIT (screenshots of route tables): [screenshots: Private table 1, Private table 2, Public table]

EDIT (Network ACLs): [screenshots: Private inbound, Private outbound, Public inbound, Public outbound Network ACLs]

Any ideas why I can't git pull?

lorenzo
  • 31

2 Answers

What is in your Private subnet Route Table? I strongly suspect that you don’t have a NAT Gateway configured and route to the Internet set through the NAT.

See here for more info about why you may need a NAT Gateway for private subnets: NAT gateway for EC2 instances

Hope that helps :)

MLu
  • 26,247

The underlying issue was that the network traffic was making it out of the private subnet and not into the public subnet (where it was supposed to depart and go to the public internet). I had to update the SSH rules in the Network ACL on the public subnet.

lorenzo
  • 31
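The root cause in the accepted answer is easy to miss because Network ACLs are stateless: a git-over-SSH connection that leaves the private subnet via a NAT gateway is evaluated again by the NACL of the public subnet the NAT gateway sits in, and both the outgoing SYN (outbound rules, destination port 22) and the returning packets (inbound rules, destination = NAT gateway's ephemeral port) need an explicit allow. The script below is an added example, not code from the question or either answer; it models NACL first-match evaluation on constructed rule sets that reproduce the "HTTPS works, SSH hangs" symptom and shows the public-subnet outbound rule that fixes it. All rule numbers, CIDRs and IP addresses (`ADMIN_CIDR`, `GIT_HOST_CIDR`, `GIT_HOST_IP`) are constructed placeholders, not Bitbucket's real ranges, and the model is simplified (TCP only, no ICMP type/code, no IPv6).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int        # NACL rule number; rules are evaluated in ascending order
    protocol: str      # "tcp", "udp" or "all" (simplified model, no ICMP type/code)
    port_from: int     # destination port range (ignored when protocol == "all")
    port_to: int
    cidr: str          # destination CIDR for outbound rules, source CIDR for inbound
    action: str        # "allow" or "deny"


def evaluate(rules, protocol, port, addr):
    """First matching rule by ascending number wins; the implicit '*' rule denies."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.protocol not in ("all", protocol):
            continue
        if r.protocol != "all" and not (r.port_from <= port <= r.port_to):
            continue
        if ip_address(addr) not in ip_network(r.cidr):
            continue
        return r.action
    return "deny"


def tcp_flow_verdict(outbound, inbound, remote_ip, dest_port, ephemeral_port):
    """
    A TCP connection crossing a NACL needs two independent verdicts, because
    NACLs keep no connection state:
      request: outbound rules, destination = remote_ip:dest_port
      reply:   inbound rules, source = remote_ip, destination port = ephemeral_port
    """
    return {
        "request": evaluate(outbound, "tcp", dest_port, remote_ip),
        "reply": evaluate(inbound, "tcp", ephemeral_port, remote_ip),
    }


def flow_allowed(outbound, inbound, remote_ip, dest_port, ephemeral_port=40000):
    """True only when both legs of the connection are allowed."""
    v = tcp_flow_verdict(outbound, inbound, remote_ip, dest_port, ephemeral_port)
    return v["request"] == "allow" and v["reply"] == "allow"


ANY = "0.0.0.0/0"
ADMIN_CIDR = "198.51.100.0/24"   # constructed: where the admin SSHes to the bastion from
GIT_HOST_CIDR = "203.0.113.0/24" # constructed stand-in for the hosted git provider's range
GIT_HOST_IP = "203.0.113.10"     # constructed: one address inside that range

# Constructed public-subnet NACL resembling the failing setup: HTTP/HTTPS and the
# ephemeral range are open, inbound SSH is open only for the bastion, but nothing
# allows SSH *out* of the subnet, so NAT-ed git-over-SSH SYNs are silently dropped.
PUBLIC_OUTBOUND_BROKEN = [
    Rule(100, "tcp", 80, 80, ANY, "allow"),
    Rule(110, "tcp", 443, 443, ANY, "allow"),
    Rule(140, "tcp", 1024, 65535, ANY, "allow"),    # replies to inbound connections
]
PUBLIC_INBOUND = [
    Rule(100, "tcp", 22, 22, ADMIN_CIDR, "allow"),  # admin -> bastion
    Rule(110, "tcp", 80, 80, ANY, "allow"),         # load balancer / web traffic
    Rule(120, "tcp", 443, 443, ANY, "allow"),
    Rule(140, "tcp", 1024, 65535, ANY, "allow"),    # replies to outbound connections
]

# The fix: an explicit outbound allow for TCP 22 in the public-subnet NACL,
# scoped to the git provider's range rather than 0.0.0.0/0.
PUBLIC_OUTBOUND_FIXED = PUBLIC_OUTBOUND_BROKEN + [
    Rule(120, "tcp", 22, 22, GIT_HOST_CIDR, "allow"),
]


if __name__ == "__main__":
    for label, out_rules in (("broken", PUBLIC_OUTBOUND_BROKEN), ("fixed", PUBLIC_OUTBOUND_FIXED)):
        print(label, "https:", tcp_flow_verdict(out_rules, PUBLIC_INBOUND, GIT_HOST_IP, 443, 40000))
        print(label, "ssh:  ", tcp_flow_verdict(out_rules, PUBLIC_INBOUND, GIT_HOST_IP, 22, 40000))
```

The "broken" case yields `{"request": "deny", "reply": "allow"}` for port 22, which is exactly the symptom in the question: the SYN never leaves the public subnet, nothing comes back, and `git pull` hangs rather than failing fast. When debugging a NAT-gateway path, check the NACL of the NAT gateway's subnet in both directions, not only the private subnet's.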