<div dir="ltr">Do you have an AWS VPC going? From their FAQ (<a href="http://aws.amazon.com/vpc/faqs/">http://aws.amazon.com/vpc/faqs/</a>):<br><br><p style="margin:0px 0px 0.8em;color:rgb(51,51,51);font-family:HelveticaNeue,Helvetica,Helvetica,Arial,sans-serif;font-size:14px;line-height:22.399999618530273px">
<span style="font-family:HelveticaNeueBold,Helvetica,Helvetica,Arial,sans-serif">> Q. What IP address ranges are assigned to a default VPC?</span></p><p style="margin:0px 0px 0.8em;color:rgb(51,51,51);font-family:HelveticaNeue,Helvetica,Helvetica,Arial,sans-serif;font-size:14px;line-height:22.399999618530273px">
> Default VPCs are assigned a CIDR range of <a href="http://172.31.0.0/16">172.31.0.0/16</a>. Default subnets within a default VPC are assigned /20 netblocks within the VPC CIDR range. </p><p style="margin:0px 0px 0.8em;color:rgb(51,51,51);font-family:HelveticaNeue,Helvetica,Helvetica,Arial,sans-serif;font-size:14px;line-height:22.399999618530273px">
Sounds like (from the rest of the page) you might need to double check the config...?</p><p style="margin:0px 0px 0.8em;color:rgb(51,51,51);font-family:HelveticaNeue,Helvetica,Helvetica,Arial,sans-serif;font-size:14px;line-height:22.399999618530273px">
<br></p><p style="margin:0px 0px 0.8em;color:rgb(51,51,51);font-family:HelveticaNeue,Helvetica,Helvetica,Arial,sans-serif;font-size:14px;line-height:22.399999618530273px">James</p></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On 8 April 2014 12:07, Geordie Guy <span dir="ltr"><<a href="mailto:elomis@gmail.com" target="_blank">elomis@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi Folks,<div><br></div><div>Working with a B2B partner who has exposed non-RFC1918 addresses 172.31.1.2 and 172.31.1.3 through a VPN tunnel to our environment, and this works fine for hitting a web service down the tunnel from our local networks. We have a development footprint in AWS that is shanking at this, because an overlying abstraction layer for how AWS S3 instances route means that if it sees a non-RFC1918 range it sends it out to the Internet regardless of any host or other level routes that are specified. I can set route add <a href="http://172.31.1.0/24" target="_blank">172.31.1.0/24</a> via a gateway or for that matter the loopback until I go blue in the face and the server will merrily continue to try and find the IP on the Internet.</div>
<div><br></div><div>What I need to do, other than not allow design decisions that involve non RFC-1918 addresses for private networks, is redirect a TCP port (443) from an IP that I *CAN* hit inside our network, to the 172.31.1.0 range down the tunnel, so that <span style="line-height:18px;font-size:12px;font-family:Arial,Helvetica,sans-serif"><a href="http://1654287.r.msn.com" target="_blank">1654287.r.msn.com</a> stops scratching his head at the traffic trying to hit him from AWS.</span></div>
<div><span style="line-height:18px;font-size:12px;font-family:Arial,Helvetica,sans-serif"><br></span></div><div><span style="line-height:18px;font-size:12px;font-family:Arial,Helvetica,sans-serif">What do I do to accomplish this? Netcat? And before anyone says NAT, there's already been enough bad decisions made here.</span></div>
<div><span style="line-height:18px;font-size:12px;font-family:Arial,Helvetica,sans-serif"><br></span></div><div><span style="line-height:18px;font-size:12px;font-family:Arial,Helvetica,sans-serif">Regards,</span></div>
<div><span style="line-height:18px;font-size:12px;font-family:Arial,Helvetica,sans-serif"><br></span></div><div><span style="line-height:18px;font-size:12px;font-family:Arial,Helvetica,sans-serif">Geordie</span></div>
</div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>