Reputation: 2261
I have two public subnets with CIDR 10.100.0.0/24 and 10.100.3.0/24.
I am trying to add NACL for private subnets but I am unable to access the private subnet with the below configuration.
Can anyone help me to resolve this issue?
I have created two NACLs, one for public subnets and one for private subnets.
public subnet inbound rule
public subnet outbound rule
private subnet inbound rule
ANSWER:
ADD following rules to private outbound
Upvotes: 4
Views: 1933
Reputation: 35188
When you create a NACL you need to account for both inbound and outbound connections. A major difference between security groups and NACLs is that a security group is stateful (if traffic can speak inbound it can speak outbound), whereas a NACL is evaluated in both directions of traffic.
Additionally you will need to ensure that you add the ephemeral port ranges to your rules.
Traditionally people would add the 1024-65535 range for ephemeral ports as it basically matches every scenario.
AWS have a whole page on this so take a look.
Upvotes: 4
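To make the stateless evaluation described in the answer concrete, here is an added Python model (not AWS code and not from the original question or answer) that evaluates a private-subnet NACL in both directions for one TCP session. It assumes SSH (TCP/22) as the service being reached, which the question does not state, and uses the question's two public subnet CIDRs.

```python
import ipaddress

# Added example: a minimal model of stateless NACL evaluation, not AWS code.
# Rules are matched in ascending rule-number order, the first match decides,
# and the implicit final "*" rule denies anything unmatched.
# Assumption (not in the question): the public subnets reach the private
# subnet over SSH (TCP/22). The subnet CIDRs are the ones from the question.
PUBLIC_SUBNETS = ["10.100.0.0/24", "10.100.3.0/24"]

def rule(num, proto, cidr, ports, action="allow"):
    return {"num": num, "proto": proto, "cidr": ipaddress.ip_network(cidr),
            "ports": ports, "action": action}

def nacl_allows(rules, peer_ip, proto, dst_port):
    """peer_ip is the source for inbound rules and the destination for outbound."""
    ip = ipaddress.ip_address(peer_ip)
    for r in sorted(rules, key=lambda r: r["num"]):
        lo, hi = r["ports"]
        if r["proto"] in ("all", proto) and ip in r["cidr"] and lo <= dst_port <= hi:
            return r["action"] == "allow"
    return False  # implicit deny at the end of every NACL

def tcp_session_allowed(nacl, client_ip, server_port, client_port):
    """A TCP session through a NACL needs two independent decisions:
    the request (inbound, dst = server_port) and the reply (outbound,
    dst = the client's ephemeral port). Nothing is remembered between them."""
    request_ok = nacl_allows(nacl["inbound"], client_ip, "tcp", server_port)
    reply_ok = nacl_allows(nacl["outbound"], client_ip, "tcp", client_port)
    return request_ok and reply_ok

# Private NACL as in the question: inbound allows SSH from the public
# subnets, outbound has no rules at all, so every reply hits the implicit deny.
PRIVATE_NACL_BROKEN = {
    "inbound": [rule(100 + 10 * i, "tcp", c, (22, 22)) for i, c in enumerate(PUBLIC_SUBNETS)],
    "outbound": [],
}

# The fix: allow outbound TCP to the public subnets on the ephemeral range
# 1024-65535 so replies can leave the private subnet.
PRIVATE_NACL_FIXED = {
    "inbound": PRIVATE_NACL_BROKEN["inbound"],
    "outbound": [rule(100 + 10 * i, "tcp", c, (1024, 65535)) for i, c in enumerate(PUBLIC_SUBNETS)],
}

if __name__ == "__main__":
    for name, nacl in (("broken", PRIVATE_NACL_BROKEN), ("fixed", PRIVATE_NACL_FIXED)):
        print(name, tcp_session_allowed(nacl, "10.100.0.15", 22, 50000))
```

The broken NACL passes the inbound check but fails on the reply, which is exactly the symptom in the question; the fixed one passes both, while a peer outside the public subnets or a client port below 1024 is still denied.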