Date: Wed, 1 Oct 2014 15:03:53 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: John Case <case@sdf.org>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Locked out of FreeBSD EC2 image - trying to figure out why ...
Message-ID: <CAHu1Y71Nay5ekXojFn-RDHb4PRmaiBDaunxqdcTy8iaV9YuusQ@mail.gmail.com>
In-Reply-To: <Pine.NEB.4.64.1410012025290.15899@faeroes.freeshell.org>
References: <Pine.NEB.4.64.1410012025290.15899@faeroes.freeshell.org>

On Wed, Oct 1, 2014 at 2:23 PM, John Case <case@sdf.org> wrote:
>
> I added this ipfw line to my ec2 image and then rebooted it, and am unable
> to connect over the network now:
>
> deny ip from 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 to any
> deny ip from 0.0.0.0/8,169.254.0.0/16,192.0.2.0/24,224.0.0.0/4,240.0.0.0/4 to any
>
> The private IP that my instance uses is in the 172.31.xx.xx block, so is it
> my blocking of 172.16.0.0/12 that is causing the problem?

Yes. DHCP responses will come from an RFC1918 network, for example.

This is naive and really unnecessary - just use an appropriate EC2 security policy. If you insist on using ipfw, you'll need to improve your understanding of how things work.

Also - an elastic IP will not persist across stopping and starting an instance, and you should associate it using a script inside the instance when it starts.

- M
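
Added example, not part of the original message or of any FreeBSD tooling: a pre-reboot check that parses ipfw deny rules and reports which addresses the host depends on fall inside a denied source block. The rules are the two quoted above; the peer addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# The two rules exactly as quoted in the message above.
RULES = """\
deny ip from 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 to any
deny ip from 0.0.0.0/8,169.254.0.0/16,192.0.2.0/24,224.0.0.0/4,240.0.0.0/4 to any
"""

# Constructed sample addresses (assumptions): the page only says the instance
# sits in 172.31.xx.xx and that DHCP replies come from an RFC1918 network.
PEERS = {
    "instance": "172.31.5.10",
    "dhcp-server": "172.31.0.1",
    "admin-workstation": "203.0.113.7",
}

# Matches "[add] [number] deny|drop <proto> from <src-list> to <dst>".
RULE_RE = re.compile(
    r"^\s*(?:add\s+)?(?:\d+\s+)?(?:deny|drop)\s+\S+\s+from\s+(\S+)\s+to\s+\S+", re.I)

def parse_deny_sources(text):
    """Return [(line number, network)] for each CIDR in a deny rule's source list."""
    out = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m:
            continue
        for token in m.group(1).split(","):
            try:
                out.append((lineno, ipaddress.ip_network(token, strict=False)))
            except ValueError:
                continue  # keywords such as "any" or "me" are not CIDR blocks
    return out

def lockout_risks(text, peers):
    """Return [(label, address, line number, network)] for peers a rule would drop."""
    nets = parse_deny_sources(text)
    hits = []
    for label, addr in peers.items():
        ip = ipaddress.ip_address(addr)
        hits += [(label, addr, lineno, str(net)) for lineno, net in nets if ip in net]
    return hits

if __name__ == "__main__":
    for label, addr, lineno, net in lockout_risks(RULES, PEERS):
        print(f"rule {lineno}: source {net} drops packets from {label} ({addr})")
```

The quoted rules carry no direction or interface qualifier, so a match on the instance's own address means its outbound packets are dropped as well as inbound DHCP replies.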