I have two public subnets with CIDR 10.100.0.0/24 and 10.100.3.0/24.
I am trying to add a NACL for private subnets, but I am unable to access the private subnet with the below configuration.
Can anyone help me to resolve this issue?
I have created two NACLs, one for public subnets and one for private subnets.
public subnet inbound rule
public subnet outbound rule
private subnet inbound rule
ANSWER:
Add the following rules to private outbound.
When you create a NACL you need to account for both inbound and outbound connections. A major difference between security groups and NACLs is that a security group is stateful (if traffic can speak inbound it can speak outbound), whereas a NACL is evaluated in both directions of traffic.
Additionally, you will need to ensure that you add the ephemeral port ranges to your rules.
Traditionally people would add the 1024-65535 range for ephemeral ports, as it basically matches every scenario.
AWS have a whole page on this so take a look.
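To make the stateless point concrete, here is an added simulation (not code from the question or the answer, and not AWS's own evaluation logic) of how a network ACL decides each direction independently, using the public CIDRs from the question. The private subnet CIDR 10.100.1.0/24, the host addresses, the rule numbers and the outbound rules are constructed assumptions; the ephemeral range is the 1024-65535 one the answer recommends.

```python
"""Stateless NACL evaluation, simulated.

Added example: models a network ACL that evaluates inbound and outbound
packets separately, so the reply half of a TCP session needs its own
outbound rule covering the client's ephemeral port. Private subnet CIDR
10.100.1.0/24, host addresses and rule numbers are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

EPHEMERAL = (1024, 65535)  # the range the answer recommends for ephemeral ports


@dataclass(frozen=True)
class Rule:
    number: int      # evaluated lowest number first; no match means the implicit "*" deny
    protocol: str    # "tcp", "udp" or "all"
    cidr: str        # source CIDR for inbound rules, destination CIDR for outbound rules
    ports: tuple     # inclusive (low, high) destination-port range
    action: str      # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"


def evaluate(rules, packet, direction):
    """Return True if the packet is allowed in the given direction ('inbound'
    or 'outbound'). The first matching rule by ascending number decides; with
    no match the packet is denied, like the implicit '*' rule of an AWS NACL."""
    remote = packet.src_ip if direction == "inbound" else packet.dst_ip
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", packet.protocol):
            continue
        if ip_address(remote) not in ip_network(rule.cidr):
            continue
        low, high = rule.ports
        if not low <= packet.dst_port <= high:
            continue
        return rule.action == "allow"
    return False


def session_allowed(inbound_rules, outbound_rules, request):
    """A TCP session works only if the request passes the inbound rules AND
    the reply (addresses and ports swapped) passes the outbound rules; the
    ACL keeps no connection state that would let the reply through on its own."""
    reply = Packet(request.dst_ip, request.dst_port,
                   request.src_ip, request.src_port, request.protocol)
    return (evaluate(inbound_rules, request, "inbound")
            and evaluate(outbound_rules, reply, "outbound"))


# Private subnet inbound: allow SSH from both public subnets named in the question.
PRIVATE_INBOUND = [
    Rule(100, "tcp", "10.100.0.0/24", (22, 22), "allow"),
    Rule(110, "tcp", "10.100.3.0/24", (22, 22), "allow"),
]

# Constructed "broken" outbound set: nothing covers the client's ephemeral port.
PRIVATE_OUTBOUND_BROKEN = [
    Rule(100, "tcp", "0.0.0.0/0", (443, 443), "allow"),
]

# Same set plus the outbound ephemeral-port rules the answer says to add.
PRIVATE_OUTBOUND_FIXED = PRIVATE_OUTBOUND_BROKEN + [
    Rule(200, "tcp", "10.100.0.0/24", EPHEMERAL, "allow"),
    Rule(210, "tcp", "10.100.3.0/24", EPHEMERAL, "allow"),
]

# Constructed request: a host in the public subnet opens SSH to a private host.
SSH_FROM_PUBLIC = Packet("10.100.0.10", 51234, "10.100.1.20", 22)

if __name__ == "__main__":
    print("request passes inbound:", evaluate(PRIVATE_INBOUND, SSH_FROM_PUBLIC, "inbound"))
    print("session with broken outbound:", session_allowed(PRIVATE_INBOUND, PRIVATE_OUTBOUND_BROKEN, SSH_FROM_PUBLIC))
    print("session with fixed outbound:  ", session_allowed(PRIVATE_INBOUND, PRIVATE_OUTBOUND_FIXED, SSH_FROM_PUBLIC))
```

Running it shows the request itself is accepted inbound in both cases; the session only completes once the outbound set has a rule whose destination port range covers the client's ephemeral port, which is exactly what a stateful security group would have done implicitly.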