raheem52

Reputation: 496

EC2 instance on AWS: apt-get not working

I have an EC2 instance on AWS with Amazon Ubuntu.

When I try to download anything, I am unable to do so.

For example:

~# apt-get update

0% [Connecting to ap-southeast-1.ec2.archive.ubuntu.com (103.246.148.161)] [Connecting to security.ubuntu.com (91.189.91.15)

Another example:

~# wget https://s3.amazonaws.com/aws-cli/awscli-bundle.zip

--2014-04-09 07:27:17--  https://s3.amazonaws.com/aws-cli/awscli-bundle.zip
Resolving s3.amazonaws.com... 207.171.189.80
Connecting to s3.amazonaws.com|207.171.189.80|:443...

This remains forever.

I was able to download files until I created a group and user for the AWS Console.

Please suggest what the issue could be here.

Upvotes: 29

Views: 36469

Answers (6)

Sanket Berde

Reputation: 6895

If the problem is not in your Security group, you might have forgotten to add the Ephemeral ports in the VPC/Subnet Network ACL.

In your route table, add an inbound allow rule for TCP traffic from 32768 - 65535 on 0.0.0.0/0.

If you have only enabled 80, 443 in outbound, then the return traffic still comes through the temporary ports listed above. Only enabling 80, 443 outbound will not let your server complete a curl google.com.

The ephemeral port list mentioned above is for Ubuntu. You can check yours by running sysctl net.ipv4.ip_local_port_range

Upvotes: 1
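The behaviour described in the answer above, as an added example that is not part of the original answer: a small Python model of stateless network ACL evaluation, showing why a connection hangs at "Connecting to ..." when outbound 443 is allowed but the inbound ephemeral range is not. The rule dictionary layout, function names and sample rule sets are constructed for illustration; the default port range is the one the answer quotes.

```python
import ipaddress

# Constructed sample ACLs (not from the page). Fields are hypothetical:
# rule number, protocol, destination port range, remote CIDR, action.
OUTBOUND = [
    {"num": 100, "proto": "tcp", "ports": (80, 80), "cidr": "0.0.0.0/0", "action": "allow"},
    {"num": 110, "proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0", "action": "allow"},
]
INBOUND_SSH_ONLY = [
    {"num": 100, "proto": "tcp", "ports": (22, 22), "cidr": "0.0.0.0/0", "action": "allow"},
]
INBOUND_WITH_EPHEMERAL = INBOUND_SSH_ONLY + [
    {"num": 110, "proto": "tcp", "ports": (32768, 65535), "cidr": "0.0.0.0/0", "action": "allow"},
]

def nacl_allows(rules, proto, port, remote_ip):
    """Stateless ACL check: the lowest-numbered matching rule decides."""
    ip = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r["num"]):
        lo, hi = rule["ports"]
        if (rule["proto"] in (proto, "all") and lo <= port <= hi
                and ip in ipaddress.ip_network(rule["cidr"])):
            return rule["action"] == "allow"
    return False  # implicit final deny

def diagnose(inbound, outbound, remote_ip, remote_port, ephemeral=(32768, 65535)):
    """Check both directions of a TCP connection opened by the instance."""
    if not nacl_allows(outbound, "tcp", remote_port, remote_ip):
        return "blocked: no outbound allow for port %d" % remote_port
    # The reply is addressed to the instance's ephemeral source port, and a
    # network ACL keeps no connection state, so inbound must allow that range.
    for port in range(ephemeral[0], ephemeral[1] + 1):
        if not nacl_allows(inbound, "tcp", port, remote_ip):
            return "hangs: inbound reply to port %d is denied" % port
    return "ok"

if __name__ == "__main__":
    # 207.171.189.80:443 is the address wget stalls on in the question.
    for name, inbound in (("ssh only", INBOUND_SSH_ONLY),
                          ("with ephemeral range", INBOUND_WITH_EPHEMERAL)):
        print(name, "->", diagnose(inbound, OUTBOUND, "207.171.189.80", 443))
```

Security groups are stateful, so reply traffic needs no matching inbound rule there; only the network ACL layer has to allow the ephemeral range explicitly.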

Shree Prakash

Reputation: 2304

I faced the same issue because I did not enable a NAT gateway for the private subnet in the VPC.

If your machine is in a private subnet, you'll have to enable a NAT gateway in the route table for that subnet.

It'll look like this once enabled:

[image]

Upvotes: 1

vijay

Reputation: 9

I figured out how to get apt-get to work again.

Edit gai.conf:

sudo vim /etc/gai.conf

Change line ~54 to uncomment the following:

precedence ::ffff:0:0/96 100

Write and quit:

:wq

CAUTION

Look out for line 50, which looks almost identical:

precedence ::ffff:0:0/96 10

This is the wrong line. Go ~4 lines down and you'll find the correct line to uncomment, because it ends with 100 instead of 10.

Upvotes: 0

Omkar Jadhav

Reputation: 504

Also, if you want to download anything with wget using an HTTPS link, make sure to add an outbound rule for HTTPS (port 443) to 0.0.0.0/0.

Upvotes: 5

Xavier

Reputation: 11

Adding the outbound rule HTTP TCP 80 0.0.0.0/0 worked for me.

Upvotes: 1

slayedbylucifer

Reputation: 23492

Your EC2 instance's security group is not configured to let it reach the internet. You need to have an outbound rule for all traffic to 0.0.0.0/0. In EC2-Classic, this is already in place and hence you need not worry. However, if this is in a VPC, then you need to add this rule.

Also, apart from what is said above, could you check whether any iptables rules are causing an issue?

Upvotes: 58
