Splunk Enterprise

AWS private Network problem

vgolof
Explorer

Why no acces for Answer ? Server *.cloud.splunk.com 54.175.240.162:9997 is miss ?

We have 2 EC2 instances in OpsWorks.
1. seed1.localdomain in public net 172.17.xx.xx + private net 10.1.0.41
2. mongodb1.localdomain in private net 10.1.0.205

---- seed1 ----

 netstat -anp | grep splu
tcp        0      0 0.0.0.0:8089                0.0.0.0:*                   LISTEN      17542/splunkd
tcp        0      0 10.1.0.41:60272             54.175.240.162:9997         ESTABLISHED 17542/splunkd

 tcpdump

12:38:02.743757 IP 10.1.0.2.domain > 10.1.0.41.41733: 31303 1/0/0 A 54.175.240.162 (75)
12:38:02.744019 IP 10.1.0.41.33566 > 54.175.240.162.palace-6: Flags [S], seq 3286603834, win 26883, options [mss 8961,sackOK,TS val 39239167 ecr 0,nop,wscale 7], length 0
12:38:02.818160 IP 54.175.240.162.palace-6 > 10.1.0.41.33566: Flags [S.], seq 2305285408, ack 3286603835, win 26847, options [mss 8961,sackOK,TS val 168913928 ecr 39239167,nop,wscale 7], length 0
12:38:02.818193 IP 10.1.0.41.33566 > 54.175.240.162.palace-6: Flags [.], ack 1, win 211, options [nop,nop,TS val 39239185 ecr 168913928], length 0
12:38:02.818436 IP 10.1.0.41.33566 > 54.175.240.162.palace-6: Flags [P.], seq 1:297, ack 1, win 211, options [nop,nop,TS val 39239186 ecr 168913928], length 296

---- mongodb1 ----

 netstat -anp | grep splunk
tcp        0      0 0.0.0.0:8089                0.0.0.0:*                   LISTEN      16104/splunkd
tcp        0      1 10.1.0.205:41946            54.175.240.162:9997         SYN_SENT    16104/splunkd

 tcpdump

12:24:53.138224 IP 10.1.0.205.41452 > 54.175.240.162.palace-6: Flags [S], seq 244061703, win 26883, options [mss 8961,sackOK,TS val 39009304 ecr 0,nop,wscale 7], length 0
12:25:08.123068 IP 10.1.0.205.41464 > 54.175.240.162.palace-6: Flags [S], seq 360299705, win 26883, options [mss 8961,sackOK,TS val 39013050 ecr 0,nop,wscale 7], length 0
12:25:09.122201 IP 10.1.0.205.41464 > 54.175.240.162.palace-6: Flags [S], seq 360299705, win 26883, options [mss 8961,sackOK,TS val 39013300 ecr 0,nop,wscale 7], length 0

Security Groups
sg-86ba38e2
Inbound

All TCP TCP 0 - 65535 54.175.240.162/31
Custom TCP Rule TCP 8089 sg-bdba38d9 
Custom TCP Rule TCP 8089 0.0.0.0/0

sg-bdba38d9
Inbound

All TCP TCP 0 - 65535 54.175.240.162/31
Custom TCP Rule TCP 8089 0.0.0.0/0
Tags (1)
0 Karma
1 Solution

vgolof
Explorer

Fixed:
VPC Dashboard -> SecurityGroups -> NATSecurityGroup
Added Inbound and Outbound
Custom TCP Rule TCP (6) 9997 10.1.0.0/23

Deleted all Custom TCP Rules TCP 8089

View solution in original post

0 Karma

vgolof
Explorer

Fixed:
VPC Dashboard -> SecurityGroups -> NATSecurityGroup
Added Inbound and Outbound
Custom TCP Rule TCP (6) 9997 10.1.0.0/23

Deleted all Custom TCP Rules TCP 8089

View solution in original post

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!