Why Can't You Ping the IP Address of an AWS Server when the Security Group Should Allow Pinging?

Problem scenario
In AWS you manually added a Security Group rule whose source is a given IP address. The server has an internal (private) and an external (public) IP address, and you can ping one of them but not the other. Why can you not ping both?

First, check whether a host firewall is running on the Linux server: a host firewall can drop ICMP even when the Security Group allows it. Run these commands:

sudo ps -ef | grep firewalld      # is firewalld running?
sudo systemctl status firewalld
sudo ps -ef | grep ufw            # is ufw running?
sudo ufw status
sudo iptables -L                  # list host firewall rules; look for ICMP DROP/REJECT entries
nmap -P0 <server-ip>              # run from the workstation you ping from; -P0 (now spelled -Pn) skips nmap's own ping so the scan still runs when ICMP is blocked

Secondly, the root cause could be human error. Open the Security Groups section of the AWS Console in the web browser and use the browser's find function to locate the rule. Rather than checking by eye, copy the IP address exactly as it appears on the server (highlight it with the mouse and copy it) and paste it into the browser's search field. If the browser cannot find that exact string, the rule does not contain the address you think it does. This prevents manual error.

Thirdly, ensure that the Security Group rule is an "Inbound" rule whose source is the IP address you are pinging from. Outbound exceptions will not help you. The root cause here, too, is human error.

Fourthly, is the server in a VPC? If so, you may need to adjust the NACL (Network Access Control List) so that traffic from your workstation or server is allowed into the VPC itself.
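The checks in points two and three (does the rule really contain the address you ping from, and is it an inbound rule) can be made against the Security Group's JSON instead of by eye. The example below is added here and is not code from the original post; it assumes the field names of `aws ec2 describe-security-groups` output and uses a constructed, IPv4-only sample group. It goes one step beyond the text by also checking the rule's protocol, since a TCP rule for the right address still will not pass a ping.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` JSON (assumption:
# field names as in the AWS CLI output; values are made up). Inbound rules live
# under "IpPermissions", outbound under "IpPermissionsEgress".
SAMPLE_SG = {
    "IpPermissions": [
        # SSH from an office range: it covers the IP, but TCP/22 is not ICMP.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        # ICMP echo request (type 8, any code) from a single workstation.
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def rule_allows_icmp_echo(rule):
    """True if the rule admits ICMP echo requests. AWS keeps the ICMP type in
    FromPort and the code in ToPort (-1 = all); IpProtocol "-1" is all traffic."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    return proto == "icmp" and rule.get("FromPort", -1) in (-1, 8)

def cidrs_covering(rule, source_ip):
    """The rule's IPv4 CIDRs containing source_ip; a mistyped address raises ValueError."""
    ip = ipaddress.ip_address(source_ip)
    return [r["CidrIp"] for r in rule.get("IpRanges", [])
            if ip in ipaddress.ip_network(r["CidrIp"], strict=False)]

def inbound_icmp_matches(sg, source_ip):
    """Inbound CIDRs that let source_ip ping; egress rules are deliberately ignored."""
    matches = []
    for rule in sg.get("IpPermissions", []):
        if rule_allows_icmp_echo(rule):
            matches.extend(cidrs_covering(rule, source_ip))
    return matches

def diagnose(sg, source_ip):
    # One-line verdict for the address you are pinging from.
    try:
        matches = inbound_icmp_matches(sg, source_ip)
    except ValueError:
        return f"{source_ip!r} is not a valid IP address: check for a typo"
    if matches:
        return f"{source_ip} can ping: inbound ICMP allowed by {', '.join(matches)}"
    return f"{source_ip} cannot ping: no inbound ICMP rule covers it"
```

Feed it the real group by loading the CLI's JSON and passing one element of `SecurityGroups`; a source covered only by the outbound allow-all or by the TCP rule is reported as unable to ping.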
