→Port forwarding SSH
* Create a new instance the same way as "router" but without the elastic IP. Call it ww. Name the network interface ww-nic and set a secondary private IP to 10.3.45.11.
** At step 6 of the creation process: create a new security group named ops345wwsg with only port 22 open for the source ops345routersg.[[File:AWSsgSshFromRouter.png|800px|border|center]]
** We won't set ww up as a web server in this lab; we just need something to forward SSH requests to.
Now you have a new VM (ww) which you can't SSH to even though it has a public IP. That's because the security group won't allow it. It does allow SSH from the router, but the router doesn't have the private key you use in place of a password. Test all that to make sure.[[File:AWSsshFirewalled.png|800px|border|center]]
The private key is on your workstation, but your workstation isn't allowed to connect to ww. The tricky solution here is to connect to router, and have that connection forwarded to ww.
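The security group from step 6 expressed with the AWS CLI, plus a check that nothing is open to an IP range. This is an added example, not part of the original lab; the function names are hypothetical, and the VPC ID and the ID of ops345routersg are placeholders you pass in.

```shell
#!/bin/sh
# Added example, not from the lab page: CLI form of the ops345wwsg setup.
# Assumptions: the AWS CLI is installed and configured; the VPC ID and the
# ID of ops345routersg are supplied by you (placeholders, not lab values).
# Usage: create_ww_sg <vpc-id> <router-sg-id>
#        sg_has_no_cidr_ingress <sg-id>

# Create ops345wwsg and allow TCP/22 only from members of the router's
# security group. Prints the new group ID on success.
create_ww_sg() {
    local vpc_id=$1 router_sg_id=$2 sg_id
    sg_id=$(aws ec2 create-security-group \
        --group-name ops345wwsg \
        --description "SSH to ww only from the router" \
        --vpc-id "$vpc_id" \
        --query GroupId --output text) || return 1
    # --source-group names a security group instead of a CIDR, so the rule
    # keeps matching the router even if its private IP changes.
    aws ec2 authorize-security-group-ingress \
        --group-id "$sg_id" \
        --protocol tcp --port 22 \
        --source-group "$router_sg_id" >/dev/null || return 1
    printf '%s\n' "$sg_id"
}

# Return 0 if the group has no IPv4 CIDR ingress rules (nothing open to an
# address range such as 0.0.0.0/0), 1 if it has any, 2 if the lookup failed.
sg_has_no_cidr_ingress() {
    local sg_id=$1 cidrs
    cidrs=$(aws ec2 describe-security-groups --group-ids "$sg_id" \
        --query 'SecurityGroups[0].IpPermissions[].IpRanges[].CidrIp' \
        --output text) || return 2
    # Defensive: treat both empty output and the literal None as "no CIDRs".
    case "$cidrs" in
        ''|None) return 0 ;;
        *)       return 1 ;;
    esac
}
```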
* firewall: