I've set up an EC2 instance where I need to run some software, flexlm, and be accessible through a public IP address. I've set up an elastic IP and things should be working.

However, whenever I ssh into the instance or connect to it through the AWS console, I have the private IP in the terminal as my userID (e.g.)

`ec2-user@ip-<private-ip>$`

When I run the software, which is a license checking software, it says I am running the software from the private IP and not the EIP I set up.

Maybe I am understanding private vs public IP wrong? When I ssh into my EC2 is it even possible to run things and have them be exposed through the public IP? When someone accesses the EIP is that just being routed to the private IP?

Some clarity on the difference between IPs would be useful as well as info on if I can run software and have it run from the private IP.

Update: Added more detail

  • What problem are you trying to solve? You will [always have this 1:1 NAT](https://serverfault.com/questions/588440/elastic-ip-address-on-ec2-instance-interface-without-11-nat) – Anon Coward Mar 29 '23 at 19:51
  • So I've given a company that we have a floating license from the Elastic IP. This EC2 instance is supposed to act as the middle man between them and us and are expecting a request from the elastic IP. However, when the EC2 instance reaches out it is using the private IP I believe. – A Simple Programmer Mar 29 '23 at 19:57
  • It only uses the private IP to connect to other machines on the same VPC, anything else must use the elastic IP – Anon Coward Mar 29 '23 at 19:59
  • okay, so when it reaches outside of the VPC, other machines should see the public IP? So my license probably needs to be set up a bit differently I imagine. – A Simple Programmer Mar 29 '23 at 20:03
  • Yes, other machines outside the VPC see the traffic coming from the elastic IP, if this .. somehow .. causes issues, then you need to deal with those issues. – Anon Coward Mar 29 '23 at 20:12

2 Answers

If you can access your EC2 instance from the internet, then it is working correctly. Any time you connect via SSH to your EC2 instance from the AWS console, it will always show you the private IP.

The private IP is simply the IP address of your EC2 instance from within the network. The public IP is the translated address that the internet can use to send data to your instance. I think you may be confused about the concept of IP addresses. I would read this AWS Documentation.

If you want to verify your flexlm ports are open to the internet, there are a few ways you can do this.

  • From within the machine, `netstat -ntlp` / `netstat -nulp` will show all open TCP / UDP ports (and associated programs) respectively.
  • Check your EC2 instance's inbound and outbound rules and make sure the required ports are open to the internet.
Matthew G

Amazon EC2 instances do not actually know their Public IP address. All traffic arrives at their Private IP address.

When the instance accesses the Internet, traffic flows through the Internet Gateway. At this time, the Internet Gateway performs a 'reverse NAT' and makes the traffic 'appear' to come from the Elastic IP address (or, if there is no EIP, then the random Public IP address assigned to the instance). Similarly, when traffic from the Internet is sent to the EIP, the Internet Gateway forwards it to the Private IP address of the instance.

The instance itself, however, has no record of the Elastic IP address. The benefit of this is that the EIP can be instantly remapped to another Amazon EC2 instance (useful when doing failover) without changing any configuration on the instance itself.

If your software product accesses the Internet to determine its Public IP address (e.g. going to https://icanhazip.com/), then it will see its correct Public IP address. However, if it looks on the instance, it will not find the Public IP address.

John Rotenstein
  • Thanks for the succinct and informative answer. – A Simple Programmer Mar 29 '23 at 21:08
  • I would just add that it's generally more reliable to use the [metadata service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html), or even AWS's `https://checkip.amazonaws.com/` rather than a third party service. They can (and have!) go down or otherwise wreak havoc. – Anon Coward Mar 29 '23 at 21:30
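
The three views of the instance's address discussed in this thread (what the network interface holds, what the metadata service reports, and what `https://checkip.amazonaws.com/` echoes back), compared side by side. This is an added example, not code from any poster; the function names are hypothetical, and it assumes it runs on the instance with IMDSv2 reachable and outbound HTTPS allowed.

```python
import ipaddress
import socket
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254/latest"  # link-local instance metadata endpoint


def interface_ip():
    """Source address the OS would use for outbound traffic (no packet is sent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect(("192.0.2.1", 9))  # TEST-NET-1 address, only selects a route
        return s.getsockname()[0]


def imds_public_ipv4(timeout=2):
    """Public/Elastic IP mapped to this instance, read via IMDSv2; None if unmapped."""
    tok = urllib.request.Request(f"{IMDS}/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(tok, timeout=timeout).read().decode()
    req = urllib.request.Request(f"{IMDS}/meta-data/public-ipv4",
                                 headers={"X-aws-ec2-metadata-token": token})
    try:
        return urllib.request.urlopen(req, timeout=timeout).read().decode().strip()
    except urllib.error.HTTPError as e:
        if e.code == 404:  # no public address is associated with the instance
            return None
        raise


def observed_ip(timeout=5):
    """Address the Internet sees, as echoed by checkip.amazonaws.com."""
    with urllib.request.urlopen("https://checkip.amazonaws.com/", timeout=timeout) as r:
        return r.read().decode().strip()


def compare(local, mapped, observed):
    """Pure comparison of the three views; returns a small report dict."""
    return {
        "behind_nat": ipaddress.ip_address(local).is_private and local != observed,
        "mapping_matches_egress": mapped is not None and mapped == observed,
        "allow_list_this": observed,  # what the remote party sees as the source
    }


if __name__ == "__main__":
    print(compare(interface_ip(), imds_public_ipv4(), observed_ip()))
```

If `mapping_matches_egress` is false, outbound traffic is leaving from an address other than the one mapped to the instance, and the `allow_list_this` value is the one a remote party will actually see.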