papiro

Reputation: 2365

Why is it that I cannot ping an EC2 instance but can SSH, even with ICMP traffic allowed?

I've got an EC2 instance with the standard Amazon Linux 2 AMI. It's in a security group with the following inbound rules:

SSH TCP 22  0.0.0.0/0   -
Custom ICMP - IPv4  Echo Request    N/A 0.0.0.0/0   -

outbound rules:

All traffic All All 0.0.0.0/0   -

I can SSH into the instance from my macOS command line, but ping fails with:

PING 152.87.216.125 (152.87.216.125): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5

Of course, it has a public IP assigned and it is in a subnet in a VPC with an internet gateway and the NACL associated with it looks like:

100 ALL Traffic ALL ALL 0.0.0.0/0   ALLOW
*   ALL Traffic ALL ALL 0.0.0.0/0   DENY

outbound rules:

100 ALL Traffic ALL ALL 0.0.0.0/0   ALLOW
*   ALL Traffic ALL ALL 0.0.0.0/0   DENY

I am able to ping google.com successfully.

I don't understand enough about ping and network layers to know where to look next for why this isn't working. Any ideas?

Upvotes: 0

Views: 3184

Answers (1)

papiro

Reputation: 2365

Disabling my macOS firewall did not fix the issue but connecting to my mobile hotspot did. My ISP must be blocking certain incoming ICMP requests. Interestingly, pinging google.com works, as well as pinging other hosts which are much less known (like spysmiles.com).

Upvotes: 2
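An added example, not part of the original question or answer: a small Python model of how the quoted rules are evaluated (NACLs are stateless and ordered by rule number, security groups are allow-only and stateful). It shows that both SSH and ICMP Echo Request pass on the AWS side, which is consistent with the drop happening outside the VPC. The rule tables are constructed from the question; the function names, the numeric stand-in for the `*` rule and the source address 203.0.113.10 are assumptions.

```python
import ipaddress

# Constructed from the rules quoted in the question (illustrative model, not an AWS API).
SG_INBOUND = [
    {"proto": "tcp", "port": 22, "cidr": "0.0.0.0/0"},
    {"proto": "icmp", "icmp_type": 8, "cidr": "0.0.0.0/0"},  # 8 = Echo Request
]
# NACL entries: (rule number, protocol, cidr, action).
# The "*" catch-all is modelled with a large number so it sorts last.
NACL_IN = [(100, "all", "0.0.0.0/0", "allow"), (32767, "all", "0.0.0.0/0", "deny")]
NACL_OUT = [(100, "all", "0.0.0.0/0", "allow"), (32767, "all", "0.0.0.0/0", "deny")]

def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def nacl_allows(rules, proto, ip):
    """NACLs are stateless: lowest rule number first, first match decides."""
    for _, rule_proto, cidr, action in sorted(rules):
        if rule_proto in ("all", proto) and in_cidr(ip, cidr):
            return action == "allow"
    return False

def sg_allows(rules, proto, ip, port=None, icmp_type=None):
    """Security groups are allow-only and stateful: replies need no rule."""
    for r in rules:
        if r["proto"] != proto or not in_cidr(ip, r["cidr"]):
            continue
        if proto == "tcp" and r["port"] == port:
            return True
        if proto == "icmp" and r["icmp_type"] == icmp_type:
            return True
    return False

def reachable(proto, src_ip, port=None, icmp_type=None):
    """Request must pass NACL-in and SG-in; the reply must pass NACL-out."""
    return (nacl_allows(NACL_IN, proto, src_ip)
            and sg_allows(SG_INBOUND, proto, src_ip, port, icmp_type)
            and nacl_allows(NACL_OUT, proto, src_ip))

if __name__ == "__main__":
    src = "203.0.113.10"  # constructed client address (documentation range)
    print("ssh :", reachable("tcp", src, port=22))
    print("ping:", reachable("icmp", src, icmp_type=8))
    print("http:", reachable("tcp", src, port=80))
```
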
