Portal access using IP Error: ERR_CONNECTION_TIMED_OUT - iis

I have a local web site hosted on Windows 2019 EC2 Instance. This ec2 instance has a public IP (Elastic IP Address). The public IP is ping-able from out of the ec2 instance.
I am able to access the portal using the below from the same EC2 Instance
http://{Public IPv4 DNS}/Login.asp (Working on the Ec2)
http://{localhost}/Login.asp (Working on the Ec2)
http://{PrivateIP}/Login.asp (Working on the Ec2)
http://{PublicIP}/Login.asp (Not working, error: ERR_CONNECTION_TIMED_OUT)
Added the FQDN to the Host file and also added
In the Ec2 Instance security group, added the inbound rule with the port (80), Protocol TCP and the public IP
I want to access the portal using the public IP from out of the EC2 Instance. I am not sure what I missed in the configuration. Thank you.

Related

Azure Virtual Machine cannot resolve DNS entry of Application Gateway

I have the following situation:
If I deploy an application (Deployment, Service and Ingress) in my kubernetes cluster, my ingress deployment is being automatically added to my application gateway (I am using the Azure Application Gateway Ingress Controller; https://azure.github.io/application-gateway-kubernetes-ingress/annotations/ ). So far so good.
That means that my application can be reached via my application gateway via https://my-app-gateway-public-ip/myAppPath/. Also, I have an additional private DNS zone which makes my app accessible via https://dns-name/myAppPath.
Additionally, we have an AADDS in combination with a Bastion Service. Deployed some virtual machines and the virtual machines use the DNS resolver of the AADDS (for authentication against the AAD).
The problem is: If I am outside of the cloud, I can nslookup the dns or can access the site via the ip, but I cannot do that with my virtual machines. My DNS server (within the AADDS) is unable to resolve the dns or accessing the ip. I am wondering what the issue is.
The bastion and AADDS are in different subscriptions and therefore different virtual networks. I established already a peering between those virtual networks (or the authentication between the AADDS and the VMs wouldn't work).
The kubernetes cluster and the application gateway are also in a different subscription, but no peering has been done so far.
Are there any hints what I could be missing?
Kind regards
• Since you are using a Bastion gateway server to connect to the VMs hosted in your subscription, the Bastion gateway server must be having a public IP address through which then the registered underlying VMs can be connected to via private links created in the private DNS zones associated with a particular virtual network in a subnet and an assigned private IP address and a FQDN accordingly. Thus, if you want to access the application website hosted behind the application gateway, then you will have to create a conditional forwarder in the DNS zone in AADDS to redirect the internal requests from the VMs hosted within a virtual network to the public IP address of the website hosted behind the application gateway.
• Thus, a conditional forwarder forwards the DNS resolution requests for a particular resource hosted on the public internet for which the DNS host resolution is not found or done in that DNS zone which usually serves or fulfils the requests related to internal environment. As a result, when a VM configured with a private IP is registered as a host in the internal DNS zone queries the public IP or FQDN associated with the application’s website, the DNS requests are forwarded to the public internet through the conditional forwarder and then the results are displayed in the VM’s browser for the application’s webpage. Thus, the VMs don’t need to have internet access but the DNS server should have or should forward the requests through the Internet proxy server accordingly to reach the internet.
For more information on creating a conditional forwarder in AADDS, kindly refer to the link below:
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/manage-dns#create-conditional-forwarders

Sticky Elastic IP on AWS EC2

A specific 'Elastic IP' is always associated with the EC2 instance launched from one of my custom AWS AMI.
ubuntu#ip-:~$ sudo ip addr show lo
inet 157.XX.XX.235/32 scope global lo
It is also persistent across server restarts. Can't find any configuration for the elastic IP in /etc/network/interfaces.
Is this setting coming from EC2 instance metadata and cloud-init? Couldn't find anything in /var/log/ as well. There is no user supplied user_data.
Elastic IP addresses exist within the VPC networking layer and are used by Internet Gateways.
When traffic enters a VPC with an Elastic IP address as the destination, the Internet Gateway performs a reverse NAT and translates the public IP address into a private IP address within the VPC. The EC2 instance receives the request on its public IP.
When traffic is sent from an instance with an Elastic IP, the traffic comes 'from' the private IP address, but it is translated into the public IP address when it goes through the Internet Gateway.
So, an Amazon EC2 instance is never actually aware of its public IP address. It only sees traffic via its private IP address. This has the benefit that the Elastic IP address can be reassociated with another EC2 instance and no configuration changes are required on the old or new instances. It's magic!
I'm not familiar with the command you are using. When I run it on an Amazon Linux instance that has an Elastic IP address, the command does not show the public IP address of the instance. Perhaps this is different on Ubuntu, so somebody has configured it somewhere on the instance (which they should not do, since it could change through reassociation).

EKS DNS accessible inside private subnet

The question is: How to expose DNS names pointing to the EKS cluster. DNS should only be available inside our subnets and accessible with our VPN connection (which essentially means that DNS should point to addresses inside our VPC).
I have an EKS cluster which runs in the 10.0.0.0/16 VPC. Nodes are located inside private subnets, and services are exposed externally with ELB and Ingress Controller.
Since some of the services inside the VPC are only accessible inside of our company we have decided to run an OpenVPN server configured with routing to the 10.0.0.0/16 through the VPN and rest of the traffic going directly to the Internet. Currently public DNS configured in Route53 points to our private addresses which is not ideal. (ex A record for privateservice.example.com -> 10.0.1.1). It is not ideal (existence of the privateservice shouldn't be available in a public DNS) but worked for now.
To resolve the problem of private services in a public DNS I thought about running Bind DNS server and configuring our OpenVPN to push this configuration to clients (couldn't get it to work on some client machines but I assume it will work).
However I have no idea how to expose some private services running inside EKS cluster. As mentioned before there are some services in the cluster which are available publicly through ELB. But in the same cluster I have a subset of services which should be available only inside our subnet.
Use a private hosted zone of Route 53 for private DNS resolving. It should be better using an internal ELB to expose services in EKS.
Use Route 53 Resolver for resolving AWS-managed DNS from on-prem.
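A check for the situation the question describes (private addresses published in a public Route 53 zone), as an added example that is not part of the original posts: it scans record sets shaped like the ListResourceRecordSets response and flags A records that point into internal ranges, which are the candidates to move into a private hosted zone. The function names and the sample records are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges plus link-local, listed explicitly because
# ipaddress.is_private also matches documentation and other reserved ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def is_internal(value):
    """True if value parses as an IPv4 address inside an internal range."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return addr.version == 4 and any(addr in net for net in INTERNAL_NETS)

def audit_public_zone(record_sets):
    """Return (name, type, value) for A records that expose internal addresses."""
    findings = []
    for rs in record_sets:
        if rs.get("Type") != "A":
            continue  # CNAME targets would need resolution; out of scope here
        # Alias records carry AliasTarget instead of ResourceRecords.
        for rr in rs.get("ResourceRecords", []):
            if is_internal(rr["Value"]):
                findings.append((rs["Name"], rs["Type"], rr["Value"]))
    return findings

# Constructed sample in the shape of Route 53's ListResourceRecordSets output.
SAMPLE_PUBLIC_ZONE = [
    {"Name": "www.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "198.51.100.10"}]},
    {"Name": "privateservice.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "10.0.1.1"}]},
    {"Name": "grafana.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "10.0.2.15"}, {"Value": "198.51.100.20"}]},
    {"Name": "api.example.com.", "Type": "A",
     "AliasTarget": {"DNSName": "placeholder-elb.example.",
                     "EvaluateTargetHealth": False}},
    {"Name": "example.com.", "Type": "TXT", "TTL": 300,
     "ResourceRecords": [{"Value": "\"v=spf1 -all\""}]},
]

if __name__ == "__main__":
    for name, rtype, value in audit_public_zone(SAMPLE_PUBLIC_ZONE):
        print(f"{name} {rtype} -> {value} (internal address in public zone)")
```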

AWS - Elastic IP will Connect Private IP?

I have an account in AWS, created local instance windows 2012 R2 standard edition. Tried to configure Elastic (Static IP) IP to Local instance example like http://localhost:8080 to http://elasticip:8080 if it is possible to configure on AWS?

unable to see nginx web server in my browser using aws machine public ip?

I have installed an nginx server on an AWS ec2 machine which has public IP of 52.3.218.34.
I have added a DNS entry as well but I am still not sure what is blocking it.
