Hi,
I have a connectivity question for the following escenario:
I Have two EC2 linux instances in VPC A (one acting as client and the other as a router), another EC2 linux instance in VPC B. The router instance in VPC A has ENIs attached to two different private subnets, only one subnet has a route to the transit gateway. the Machine in VPC B has only the built-in ENI. The two VPCs connect through Transit Gateway attachments. I want traffic coming from the not TGW attached subnet goes through the local ENI and then gets routed to the other ENI which will sent out the packet to the TGW for routing to the VPC B Instance. When I ping Instance A to instance B it works, but if I try to ping from another machine or using as source the ENI in the not TGW-attached subnet the ping does not gets any response. The Instance A has already been configured as a linux router and src/dst check has been disabled to allow packets to go through. In all, the traffic flow would be as follows:
SUBNET A EC2 INSTANCE -> INSTANCE A SUBNET A ENI -> INSTANCE A SUBNET B ENI -> TRANSIT GATEWAY -> INSTANCE B
Anyone knows how to get it to work?
AWS 官方已更新 2 年前
The idea is not NATing traffic on instance, but leave it as it is coming with its original IPs. Only that it requires allowing it to go through this intermidiate router.
For example, have you confirmed that communication is possible from SUBNET A to SUBNET B ENI? Also, if you are not using NAT, I feel like you probably need to add a route back to SUBNET A in the route table to SUBNET B's route table and TRANSIT GATEWAY and INSTANCE B's route tables.