1

Machine A could not make an HTTPS connection to Machine B. I first used telnet to confirm a TCP connection could be made: telnet MachineB 443

This worked. So, I concluded that the network between them was set up fine. It turned out that I was wrong: Machine A had a route to Machine B, but Machine B did not have a route back to Machine A.

Why did telnet succeed from A to B if there was no route for B to get back to A?

8
  • Are the two machines in different subnets? Do you have a packet capture from machine B's point of view, or at least do you know (e.g. from webserver logs) what source IP address was seen by machine B? Commented Oct 31, 2019 at 21:21
  • Yes, they are in different subnets. I don't have a packet capture, but I could recreate it with one. Machine B is supposed to see Machine A's internal IP address as the source. The setup of this is in AWS. Machine A is in subnet A in VPC A. Machine B is in subnet B in VPC B. Machine A's subnet has a route table entry that can send traffic to Machine B. Machine B's subnet did not have a route table entry to send traffic to Machine A. Machine B has a security group that allows inbound traffic from Machine A's IP. So, that's why seemingly it sees that source IP. Commented Nov 1, 2019 at 14:27
  • Ah, I don't know much about routing in AWS VPCs – I was assuming this is a physical network. Does either the machine B itself or its subnet gateway have any routes matching A's address? Could it be that the packets just got delivered indirectly, through a default AWS gateway? Commented Nov 1, 2019 at 14:39
  • No, it had zero routes matching A's address. If no route is matched, the packets would be sent to a NAT Gateway in a public subnet. And the NAT gateway only has a route table entry to go over the internet, so it would not be able to get back to Machine A in internal subnet A. The AWS video game abstracts away a lot of the networking legos. On a physical network do you have any hypotheses as to how the above described behavior could happen? Commented Nov 1, 2019 at 14:58
  • 1
    When things work weirdly, "I think that it must be" isn't good enough – run netstat -n -t while connected (or even fire up tcpdump) to find out for sure. Commented Nov 1, 2019 at 23:07
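As an added example (not from the question or the commenters), here is a small Python check that walks two constructed VPC route tables and reports whether the forward path from A to B has a matching return route from B to A, which is the asymmetry the thread describes. The route-table shape is loosely modelled on `aws ec2 describe-route-tables` output, the CIDRs and resource ids are made up, and a default route via a NAT gateway is treated as not reaching a private peer subnet.

```python
import ipaddress

# Constructed sample data (assumption: only DestinationCidrBlock and the
# target id keys matter; everything else from the real API is omitted).
MACHINE_A_IP = "10.0.1.10"   # constructed, in subnet A / VPC A
MACHINE_B_IP = "10.1.1.10"   # constructed, in subnet B / VPC B

ROUTE_TABLE_A = {  # subnet A: local, a route to VPC B via peering, default via NAT
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-EXAMPLE"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
    ]
}
ROUTE_TABLE_B = {  # subnet B: local and default via NAT only, no route back to VPC A
    "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
    ]
}

TARGET_KEYS = ("GatewayId", "VpcPeeringConnectionId", "NatGatewayId", "TransitGatewayId")


def longest_match(route_table, dst_ip):
    """Return the most specific route whose DestinationCidrBlock covers dst_ip, or None."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for route in route_table["Routes"]:
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1] if best else None


def route_target(route):
    """Pick the target id out of a route dict (first known key wins)."""
    return next((route[k] for k in TARGET_KEYS if k in route), None)


def check_reciprocal(rt_a, ip_a, rt_b, ip_b):
    """Simulate a packet A->B and its reply B->A; a NAT gateway cannot reach a private peer."""
    fwd = longest_match(rt_a, ip_b)
    rev = longest_match(rt_b, ip_a)
    fwd_ok = fwd is not None and "NatGatewayId" not in fwd
    rev_ok = rev is not None and "NatGatewayId" not in rev
    return {"forward": route_target(fwd) if fwd else None,
            "reverse": route_target(rev) if rev else None,
            "symmetric": fwd_ok and rev_ok}


if __name__ == "__main__":
    print(check_reciprocal(ROUTE_TABLE_A, MACHINE_A_IP, ROUTE_TABLE_B, MACHINE_B_IP))
```

The same check, run against real route tables pulled from the API, flags the "telnet works but the return path is missing" situation before a capture on Machine B is needed.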
