Test connectivity through network firewalls

A key part of Turbot configuration is end-to-end testing of network connectivity between on-premises users/servers and instances running in the cloud.

Before you begin

These tests assume you have a basic connection (Direct Connect channel, VPN) between your corporate network and the cloud network.

Process for testing connectivity

  1. Start a Linux instance in the cloud with a private IP address

     172.4.5.6
  2. Log in to a local machine on the private network

     10.2.3.4
  3. Can the cloud server be pinged? (ICMP ECHO)

     # From 10.2.3.4
     ping 172.4.5.6
  4. Does SSH work to the cloud server? (SSH port 22)

     # From 10.2.3.4
     ssh -i mykey.pem ec2-user@172.4.5.6
  5. Does ping work to internal servers? (ICMP ECHO)

     # From 172.4.5.6
     ping 10.2.3.4
  6. Does ping work to internet servers? (ICMP ECHO)

     # Check from internal 10.2.3.4
     ping google.com     # Uses DNS, can provide an IP to test
     ping 216.58.219.206 # Some public IP address
    
     # Check from cloud 172.4.5.6
     ping 216.58.219.206
  7. Is the connectivity taking the expected route?

     # From 172.4.5.6
     traceroute 10.2.3.4
    
     # From 172.4.5.6
     traceroute 216.58.219.206
  8. Is DNS configured to use the correct servers (probably internal)?

     # From 172.4.5.6
     nslookup localhost
     # Check the server & address fields
  9. Does public DNS resolve?

     # From 172.4.5.6
     nslookup google.com
     # Check the server & address fields
  10. Does private DNS resolve?

    # From 172.4.5.6
    nslookup internal.server.example.com
  11. Does ping work using DNS?

    # From 172.4.5.6
    ping google.com
  12. Is the public web (HTTP) accessible?

    # From 172.4.5.6
    curl http://google.com
  13. Is the public web (HTTPS) accessible?

    # From 172.4.5.6
    curl https://google.com
  14. Is the private web (HTTP) accessible?

    # From 172.4.5.6
    curl http://internal.website.example.com
  15. Is the private web (HTTPS) accessible?

    # From 172.4.5.6
    curl https://internal.website.example.com
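As an added example, not part of the original article or Turbot's tooling: a POSIX shell script that runs the checks above from the cloud instance (172.4.5.6) in one pass, tallies PASS/FAIL per step and parses nslookup output to confirm the resolver is an internal (RFC 1918) address. The hostnames and IPs are the article's placeholders, and `ping -W` is the Linux form (seconds).

```shell
#!/bin/sh
# Added example (not Turbot's own tooling): runs the checklist above from the
# cloud instance and prints PASS/FAIL per check plus a one-line summary.
# Hosts are the article's placeholders; ping -W is the Linux (seconds) form.
ONPREM="10.2.3.4"; PUBLIC_IP="216.58.219.206"; TIMEOUT=5
PRIVATE_DNS="internal.server.example.com"; PRIVATE_WEB="internal.website.example.com"
PASS_COUNT=0; FAIL_COUNT=0; FAILED=""

# record <name> <exit-status>: tally one check and print its result
record() {
    if [ "$2" -eq 0 ]; then PASS_COUNT=$((PASS_COUNT + 1)); printf 'PASS  %s\n' "$1"
    else FAIL_COUNT=$((FAIL_COUNT + 1)); FAILED="$FAILED $1"; printf 'FAIL  %s\n' "$1"; fi
}

# summary: one line to paste into a support ticket; returns 1 if any check failed
summary() {
    printf '%d passed, %d failed%s\n' "$PASS_COUNT" "$FAIL_COUNT" "${FAILED:+ (failed:$FAILED)}"
    [ "$FAIL_COUNT" -eq 0 ]
}

# dns_server_is_private: reads nslookup output on stdin and succeeds when the
# "Server:" line is an RFC 1918 address (step 8: the resolver should be internal).
# A 127.0.0.53 server means a systemd-resolved stub; check its upstream separately.
dns_server_is_private() {
    awk '/^Server:/ { split($2, o, ".")
            if (o[1] == 10 || (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
                (o[1] == 192 && o[2] == 168)) priv = 1 }
         END { exit priv ? 0 : 1 }'
}

# http_ok <url>: the server answered at all; any HTTP status counts as reachable
http_ok() { curl -s -o /dev/null -m "$TIMEOUT" "$1"; }

run_checks() {
    ping -c 1 -W "$TIMEOUT" "$ONPREM" >/dev/null 2>&1;    record "ping private $ONPREM" $?
    ping -c 1 -W "$TIMEOUT" "$PUBLIC_IP" >/dev/null 2>&1; record "ping public $PUBLIC_IP" $?
    nslookup localhost 2>/dev/null | dns_server_is_private; record "resolver is internal" $?
    nslookup google.com >/dev/null 2>&1;                   record "public DNS resolves" $?
    nslookup "$PRIVATE_DNS" >/dev/null 2>&1;               record "private DNS resolves" $?
    ping -c 1 -W "$TIMEOUT" google.com >/dev/null 2>&1;    record "ping via DNS" $?
    http_ok http://google.com;                             record "public HTTP" $?
    http_ok https://google.com;                            record "public HTTPS" $?
    http_ok "http://$PRIVATE_WEB";                         record "private HTTP" $?
    http_ok "https://$PRIVATE_WEB";                        record "private HTTPS" $?
}

# Only run the live checks when invoked as: sh connectivity-check.sh run
if [ "${1:-}" = "run" ]; then run_checks; summary; fi
```

Run it from 172.4.5.6; a FAIL on the private checks with PASS on the public ones usually points at the Direct Connect/VPN route or its security group rather than the instance itself.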

Testing specific ports for firewall rules

Testing firewall rules for specific ports is an important step in network setup, particularly given the combination of virtual and physical protections often in place.

Using tools like netcat can speed up testing for a range of ports. For example:

 # From 172.4.5.6
 # Open port 1234 on Amazon Linux to test connectivity
 sudo nc -v -l 1234

 # From 10.2.3.4
 # Try connecting on port 1234
 curl http://172.4.5.6:1234

 # If it fails, check the TCP traceroute to see where the block occurs
 # (-P tcp is the BSD/macOS traceroute form; on Linux traceroute use -T -p 1234)
 sudo traceroute -P tcp -p 1234 172.4.5.6


If you continue to see issues after testing, please contact help@turbot.com
