Closed srinivle closed 5 years ago
Please replace 0.0.0.0/24 with 0.0.0.0/0 in AWS and * in Azure. This is my first observation. Change that and send me what happens.
From: srinivle notifications@github.com
Sent: Tuesday, May 14, 2019 5:57:44 PM
To: QT-DevOps/AWSIssues
Cc: Subscribed
Subject: [QT-DevOps/AWSIssues] Unable to SSH from Web to Business systems in a single tier setup (#6)
As per the suggestions and instructions received from Khaja Sir to create a single tier setup such as "Windows N-tier application on Azure with SQL Server" (https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server):
We were not able to establish the connection or SSH from "Web tier subnet" to "Business tier subnet". We have tried all possible ways and methods, and even tried the all-traffic-open options as well, still in vain.
I have created my network the following way and created 4 instances respectively:
VPC : LearningVPC = IPv4 = 10.0.0.0/16
Subnets:
Web : IPv4 = 10.0.1.0/24 ; Public IP Enabled
Business : IPv4 = 10.0.2.0/24 ; Public IP Disabled
Data : IPv4 = 10.0.3.0/24 ; Public IP Disabled
JumpBox : IPv4 = 10.0.4.0/24 ; Public IP Enabled
IGW Created and associated to VPC
Route table updated as: 10.0.0.0/16 -> local ; 0.0.0.0/0 -> IGW. Subnets are also associated.
Security groups:
Web = All traffic open
Business = All traffic open
Data = All traffic open
JumpBox = All traffic open
NACL : Web = All traffic rules open
Business =
Inbound:
SSH = 10.0.1.0/24 = ALLOW / SSH = 0.0.0.0/24 = ALLOW
HTTP = 10.0.1.0/24 = ALLOW / HTTP = 0.0.0.0/24 = ALLOW
HTTPS = 10.0.1.0/24 = ALLOW / HTTPS = 0.0.0.0/24 = ALLOW
ICMPv4 = 10.0.1.0/24 = ALLOW / ICMPv4 = 0.0.0.0/24 = ALLOW
Outbound:
SSH = 10.0.3.0/24 = ALLOW / SSH = 0.0.0.0/24 = ALLOW
HTTP = 10.0.3.0/24 = ALLOW / HTTP = 0.0.0.0/24 = ALLOW
HTTPS = 10.0.3.0/24 = ALLOW / HTTPS = 0.0.0.0/24 = ALLOW
ICMPv4 = 10.0.3.0/24 = ALLOW / ICMPv4 = 0.0.0.0/24 = ALLOW
Data =
Inbound:
SSH = 10.0.2.0/24 = ALLOW / SSH = 0.0.0.0/24 = ALLOW
HTTP = 10.0.2.0/24 = ALLOW / HTTP = 0.0.0.0/24 = ALLOW
HTTPS = 10.0.2.0/24 = ALLOW / HTTPS = 0.0.0.0/24 = ALLOW
ICMPv4 = 10.0.2.0/24 = ALLOW / ICMPv4 = 0.0.0.0/24 = ALLOW
Outbound:
SSH = 10.0.4.0/24 = ALLOW / SSH = 0.0.0.0/24 = ALLOW
HTTP = 10.0.4.0/24 = ALLOW / HTTP = 0.0.0.0/24 = ALLOW
HTTPS = 10.0.4.0/24 = ALLOW / HTTPS = 0.0.0.0/24 = ALLOW
ICMPv4 = 10.0.4.0/24 = ALLOW / ICMPv4 = 0.0.0.0/24 = ALLOW
JumpBox = All traffic rules open
I have tried all possible ways, checked, and contacted the lab assistants, and all went in vain. Kindly check and investigate and let me know your inputs, or help if at all I am doing something wrong or missing somewhere, or how you were successful and in which way. This applies to Azure as well. There also I have applied rules in the NSGs respectively and all went in vain. No communication/SSH happens between Web & Business or Business & Data, or vice versa. However, Web and JumpHost are able to communicate with the outside world.
Kindly provide your inputs or thoughts or solution in both AWS and AZURE. Thank you.
Oops!!! I'm sorry sir... It is 0.0.0.0/0 only, not 0.0.0.0/24.... Spelling and draft mistake!!! ..... It isn't working!!!
I have updated the issue now!!!
Using 0.0.0.0/0, SSH connections are happening like this:
from Web to Business - happening
from Business to Data - not happening
from Data to Business - not happening
from JumpBox to Data - happening
from Web to Data - happening
from Web to Jumpbox - happening
from Jumpbox to Business - happening
It's haywire.
Ping is happening like this:
from Web to Business - happening
from Business to Data - happening
from Data to Business - happening
from JumpBox to Data - happening
from Web to Data - happening
from Web to Jumpbox - happening
from Jumpbox to Business - happening
But if we give the respective private IP address or range instead, even in the inbound & outbound rules, then it is not working at all!!! .....
SSH from Web to Business:
```
[ec2-user@ip-10-0-1-108 ~]$ ssh -i "QT_Test_Machine.pem" ec2-user@10.0.2.19
Last login: Tue May 14 13:52:31 2019 from 10.0.1.108

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-10-0-2-19 ~]$
```
Ping from Web to Business:
```
[ec2-user@ip-10-0-1-108 ~]$ ping 10.0.2.19
PING 10.0.2.19 (10.0.2.19) 56(84) bytes of data.
64 bytes from 10.0.2.19: icmp_seq=1 ttl=255 time=0.503 ms
64 bytes from 10.0.2.19: icmp_seq=2 ttl=255 time=0.546 ms
64 bytes from 10.0.2.19: icmp_seq=3 ttl=255 time=0.477 ms
```
SSH from Business to Data:
```
[ec2-user@ip-10-0-2-19 ~]$ ssh -i "QT_Test_Machine.pem" ec2-user@10.0.3.218
ssh: connect to host 10.0.3.218 port 22: Connection timed out
[ec2-user@ip-10-0-2-19 ~]$
```
Ping from Business to Data:
```
[ec2-user@ip-10-0-2-19 ~]$ ping 10.0.3.218
PING 10.0.3.218 (10.0.3.218) 56(84) bytes of data.
64 bytes from 10.0.3.218: icmp_seq=1 ttl=255 time=0.375 ms
64 bytes from 10.0.3.218: icmp_seq=2 ttl=255 time=0.486 ms
64 bytes from 10.0.3.218: icmp_seq=3 ttl=255 time=0.510 ms
```
SSH from Data to Business:
```
[ec2-user@ip-10-0-3-218 ~]$ ssh -i "QT_Test_Machine.pem" ec2-user@10.0.2.19
ssh: connect to host 10.0.2.19 port 22: Connection timed out
[ec2-user@ip-10-0-3-218 ~]$
```
Ping from Data to Business:
```
[ec2-user@ip-10-0-3-218 ~]$ ping 10.0.2.19
PING 10.0.2.19 (10.0.2.19) 56(84) bytes of data.
64 bytes from 10.0.2.19: icmp_seq=1 ttl=255 time=0.355 ms
64 bytes from 10.0.2.19: icmp_seq=2 ttl=255 time=0.524 ms
```
SSH from Jumpbox to Data:
```
[ec2-user@ip-10-0-4-209 ~]$ ssh -i "QT_Test_Machine.pem" ec2-user@10.0.3.218
The authenticity of host '10.0.3.218 (10.0.3.218)' can't be established.
ECDSA key fingerprint is SHA256:0VEZYQxFK7TjRq5bK7qmzds0rMrAddayCu8VW3uHrNY.
ECDSA key fingerprint is MD5:b4:8e:50:03:9e:ba:98:35:c8:e4:da:9c:82:3f:cc:69.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.3.218' (ECDSA) to the list of known hosts.

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-10-0-3-218 ~]$
```
SSH from Jumpbox to Business:
```
[ec2-user@ip-10-0-4-209 ~]$ ssh -i "QT_Test_Machine.pem" ec2-user@10.0.2.19
The authenticity of host '10.0.2.19 (10.0.2.19)' can't be established.
ECDSA key fingerprint is SHA256:EOThh1miq9EU4/0mg4E9bg0O4+2/W4zSJA0hyAr/GMQ.
ECDSA key fingerprint is MD5:f9:b5:5c:04:55:8d:bc:32:6c:4a:30:48:9d:53:6e:87.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.2.19' (ECDSA) to the list of known hosts.
Last login: Tue May 14 14:01:10 2019 from 10.0.1.108

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-10-0-2-19 ~]$
```
Ping from JumpBox to Data:
```
[ec2-user@ip-10-0-4-209 ~]$ ping 10.0.3.218
PING 10.0.3.218 (10.0.3.218) 56(84) bytes of data.
64 bytes from 10.0.3.218: icmp_seq=1 ttl=255 time=0.361 ms
64 bytes from 10.0.3.218: icmp_seq=2 ttl=255 time=0.365 ms
64 bytes from 10.0.3.218: icmp_seq=3 ttl=255 time=0.484 ms
```
Ping from Jumpbox to Business:
```
[ec2-user@ip-10-0-4-209 ~]$ ping 10.0.2.19
PING 10.0.2.19 (10.0.2.19) 56(84) bytes of data.
64 bytes from 10.0.2.19: icmp_seq=1 ttl=255 time=0.374 ms
64 bytes from 10.0.2.19: icmp_seq=2 ttl=255 time=0.481 ms
64 bytes from 10.0.2.19: icmp_seq=3 ttl=255 time=0.490 ms
64 bytes from 10.0.2.19: icmp_seq=4 ttl=255 time=0.426 ms
64 bytes from 10.0.2.19: icmp_seq=5 ttl=255 time=0.501 ms
```
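The thread never names a root cause, but the symptom it ends on (ping between Business and Data works while SSH times out in both directions) is the classic signature of stateless network ACLs: a TCP session is evaluated four times, and the reply packet is addressed to the client's ephemeral port, which the port-specific SSH/HTTP/HTTPS rules listed above never allow. The evaluator below is an added example, not code from this issue or the QT-DevOps project. It transcribes the Business and Data NACL tables from the issue (Web and JumpBox as "all traffic open"), uses the private addresses shown in the posted sessions, and treats the client-side port 50000 as a constructed sample value. Against the listed tables it also predicts drops for the JumpBox-to-Business case that the poster reports as working, so the rules in the console evidently differed from the listing in some detail; the example shows the check to run, not a diagnosis the thread confirms.

```python
"""Stateless network-ACL walkthrough (added example, not code from the issue).

AWS NACLs are stateless: one TCP session is checked four times, and the
reply packet is addressed to the client's *ephemeral* port, not to 22.
Business and Data tables below transcribe the rules listed in the issue;
Web and JumpBox are "all traffic open". Host addresses come from the posted
sessions; the client-side port 50000 is a constructed sample value.
"""
import ipaddress

ANY = "0.0.0.0/0"
VPC = "10.0.0.0/16"

# An ALLOW rule: (protocol, (low, high) port range or None, remote CIDR).
# Anything that matches no rule falls through to the implicit deny-all.
def tcp(port, cidr):  return ("tcp", (port, port), cidr)
def icmp(cidr):       return ("icmp", None, cidr)
def allow_all(cidr):  return ("any", None, cidr)

def thread_rules(peer_cidr):
    """SSH/HTTP/HTTPS/ICMP to or from peer_cidr plus 0.0.0.0/0, as listed."""
    rules = []
    for cidr in (peer_cidr, ANY):
        rules += [tcp(22, cidr), tcp(80, cidr), tcp(443, cidr), icmp(cidr)]
    return rules

NACLS = {
    "10.0.1.0/24": {"in": [allow_all(ANY)], "out": [allow_all(ANY)]},                        # Web
    "10.0.2.0/24": {"in": thread_rules("10.0.1.0/24"), "out": thread_rules("10.0.3.0/24")},  # Business
    "10.0.3.0/24": {"in": thread_rules("10.0.2.0/24"), "out": thread_rules("10.0.4.0/24")},  # Data
    "10.0.4.0/24": {"in": [allow_all(ANY)], "out": [allow_all(ANY)]},                        # JumpBox
}

def subnet_of(ip, nacls):
    for cidr in nacls:
        if ipaddress.ip_address(ip) in ipaddress.ip_network(cidr):
            return cidr
    raise ValueError(f"{ip} is in no known subnet")

def permits(rules, proto, port, remote_ip):
    """One stateless check: does any rule allow a packet with this protocol,
    this destination port (None for ICMP) and this remote address?"""
    addr = ipaddress.ip_address(remote_ip)
    for r_proto, ports, cidr in rules:
        if addr not in ipaddress.ip_network(cidr):
            continue
        if r_proto == "any":
            return True
        if r_proto != proto:
            continue
        if ports is None or ports[0] <= port <= ports[1]:
            return True
    return False

def trace(proto, src_ip, dst_ip, dst_port=None, src_port=50000, nacls=NACLS):
    """The four checks a request and its reply pass through, in order."""
    s_net, d_net = subnet_of(src_ip, nacls), subnet_of(dst_ip, nacls)
    return [
        ("src outbound", permits(nacls[s_net]["out"], proto, dst_port, dst_ip)),
        ("dst inbound",  permits(nacls[d_net]["in"],  proto, dst_port, src_ip)),
        # Reply: the destination port is now the client's ephemeral port.
        ("dst outbound", permits(nacls[d_net]["out"], proto, src_port, src_ip)),
        ("src inbound",  permits(nacls[s_net]["in"],  proto, src_port, dst_ip)),
    ]

def first_drop(proto, src_ip, dst_ip, dst_port=None, nacls=NACLS):
    """Name of the first hop that drops the session, or None if it works."""
    for hop, ok in trace(proto, src_ip, dst_ip, dst_port, nacls=nacls):
        if not ok:
            return hop
    return None

def with_ephemeral_return(nacls, vpc_cidr=VPC):
    """Corrected tables: additionally allow TCP 1024-65535 to and from the
    VPC, the ephemeral range AWS documents for stateless-ACL return traffic."""
    eph = ("tcp", (1024, 65535), vpc_cidr)
    return {net: {"in": t["in"] + [eph], "out": t["out"] + [eph]}
            for net, t in nacls.items()}

if __name__ == "__main__":
    business, data = "10.0.2.19", "10.0.3.218"
    print("ping Business->Data:", first_drop("icmp", business, data) or "ok")
    print("ssh  Business->Data:", first_drop("tcp", business, data, 22) or "ok")
    fixed = with_ephemeral_return(NACLS)
    print("ssh  Business->Data with ephemeral rule:",
          first_drop("tcp", business, data, 22, nacls=fixed) or "ok")
```

Run stand-alone, the script reports that ping passes all four hops, that the Business-to-Data SSH session dies at the Data subnet's outbound check (the SYN-ACK back to port 50000 matches no rule), and that adding the ephemeral-range allow rule clears it. The same check applies to an Azure NSG only loosely, since NSGs are stateful and do not need the return rule; there the equivalent mistake is a priority-ordered deny rule shadowing the allow.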
Is it fixed? If fixed, close the issue with the resolution.
Nope sir.... The only thing is that the Business to Data SSH connection cannot be established.... It is not able to connect vice versa either... :(