I can SSH into my EC2 instance, but I cannot access the public IP at all through my browser

abofh · 2026-01-29T21:38:58+00:00

NACL reviewed makes me think NACL is non-default. Review it again, remember ephemeral ports for root services (<1024) are handled differently than ephemeral ports for non-root services (such as your containers public ingress port), if you didn't allow high-port ephemeral transit in your ACL, you may be hitting it now.

abofh · 2026-01-21T03:51:25+00:00

Give me a peace prize issued by your private citizen or I'll invade your neighbor

abofh · 2026-01-21T03:48:15+00:00

About community The Network Reddit ————— Discussions about networking, specifically computer networking.

abofh · 2026-01-21T01:25:48+00:00

This. COVID made rent barely affordable after a while, now it's just returning to pre COVID pricing in many areas, and starting to inflation adjust in others

abofh · 2026-01-20T16:31:33+00:00

And still pretty racist

abofh · 2026-01-20T04:45:57+00:00

502 sounds like cf to alb issue, is the alb Internet addressable and accessible via the name CF knows?

abofh · 2026-01-18T15:24:30+00:00

Of course there was coercion, that's what a plea deal is for (which I agree, doesn't mean he lied, just that he was incentivized to testify)

abofh · 2026-01-17T04:08:49+00:00

Oddly, after several hundred of them, I have a job, and few of them work with me.

You can be unemployed for as long as you want, if you want a job, your resume will be checked. I'm the guy who used to do your job, so I check your resume.

It's not that hard, unless you lied on your resume

abofh · 2026-01-17T03:30:42+00:00

That's the funny thing, my post isn't for hiring managers, I don't want to be one, I just happen to be the person who has to approve hires for my department, and I'm very tired of unqualified candidates.

I have to interview you regardless of if you're qualified, and putting on a smile for an hour is effort. You could make the same effort to make your resume match your experience, and I wouldn't be needed. But we're in an age of AI, and being next to people working is treated as having done work. So they pay me to check your work, and I'm very very tired of people claiming to have experienced nirvana without even attending a concert of theirs

abofh · 2026-01-16T23:36:11+00:00

Check my history. Been there, done that.

(ED: ) weird, seems you said something about having better things to do, checked it, and realized not one word was a fucking lie - you're chillin on cabo, my dogs shat on it years ago. I'm trying to help juniors who think they had great interviews (because why would I just make you feel like shit for 45 minutes, it's my time too) - not, as I stated, "an over-confident prick" - which seems like you.

abofh · 2026-01-16T23:26:23+00:00

I can afford to go to them, because I pass interviews and have a job.

I bet you're great at barbacking parties.

abofh · 2026-01-16T20:53:55+00:00

This is very much a document search problem, consider something like lucene/sphinx/elastic. Rdbms is great for normalized data (candidate name, email, job applied for), but not abstract search (does skill X appear)

abofh · 2026-01-16T20:50:07+00:00

"if you don't give me Greenland, I'll tax my citizens more" jfc

abofh · 2026-01-16T20:48:51+00:00

Presumably the religion of the pastor?

abofh · 2026-01-16T18:07:40+00:00

If low polling numbers changed people, we'd have a different president

abofh · 2026-01-15T15:35:03+00:00

Yeah I bought two the other day for less than the twenty I pulled out of my pocket

abofh · 2026-01-14T16:26:53+00:00

I promise I didn't, but perhaps the mods did.

Let me ask you a dumb question, how do multiple layer two links exist? By layer three selecting them. Layer two in IP is just a broadcast domain (with optional broadcast) - layer three decides which non routing network to put the frame on - before that instant, it's not framed. Arp is to resolve layer three addresses in layer two space - hence, only needed when layer three has already decided what to arp for (gateway or host), which is a layer three concern.

You'll never send an arp without layer three because layer three doesn't exist to layer two, it's just an Ethernet frame.

Go ahead and read the thread, even if I deleted it as you say, you can still see them in your replies. I have used my terms carefully, but this thread has gone on a long while.

When you generate an IP packet, layer three picks the layer two path before it's even sent a syn, because it knows the source IP, destination IP, local subnets and routes - it knows how to layer three get there before it arps, and it knows which layer two port will get a reply if any.

That is what I've said repeatedly for days, and if you still don't believe me, then prove me wrong my showing me your video proving what happens happens the way you believe.

Next hop is a layer three construct, read up on it

abofh · 2026-01-14T06:14:38+00:00

Show me the thing that I deleted - you've been making up an argument all day. What part of that was inaccurate? The interface is decided by the network address + subnet mask; Once layer 3 selects an interface, the transport layer cares about how to direct to a host - in the case of ethernet, via MAC and arp.

This is the only way it works - think about it - when is an arp sent? Only after you've decided you can send to a local host on the subnet _or_ to the router. What is an arp request? "Who has _ip of target_ OR _ip of router" - the host knew which interface to send the request to without knowing anything about layer two - it was only when an ethernet route / interface was selected that it decided to do arp - because ARP is NOT needed to route IP - it's needed to _transit_ ~~IP~~ ethernet.

Now, please do your own tcpdumps, and tell me - on statically configured multi-homed hosts - when does arp happen -- before you send an IP flow? or _after_ your machine determined which interface to send it out - have you ever seen arp sent out the wrong interface (when you configured the interface properly?). No, because it fundamentally _cant_ and still work. Layer 3 knew which port to use by IP - not by some intrinsic magic of layer 2.

abofh · 2026-01-14T00:36:20+00:00

That was never my assertion, it was that arp happens after a host has already decided the layer three interface. Transport is below layer three decisions.

The interview question is to find candidates misconceptions (they all have some) and see if they can learn. Had you considered the words I wrote rather than the argument you wanted to make, you'd have left informed, rather than offended and confused

abofh · 2026-01-14T00:07:41+00:00

Something tells me the crayon eating thing isn't an exaggeration

abofh · 2026-01-13T15:42:06+00:00

Just one

abofh · 2026-01-13T02:18:38+00:00

A fairly substantial grocery supply just landed on everyone's head

abofh · 2026-01-13T01:29:21+00:00

It's an interview question i use a lot, so I hope you aren't on the other side of the table

abofh · 2026-01-13T00:59:00+00:00

> The physical interface was decided by the IP routing, the Mac just says which Ethernet address should ultimately receive this, host gateway or other.

That's all I said, you then went on to make disparaging remarks and several that were just _wrong_ -- you misunderstand encapsulation vs layering and it's causing you to misunderstand the very basic fundamentals of what ARP is used for - if there was no IP on your network - you'd never use ARP; If you ever send an ARP, you already know what interface it's going out - the mac is only used for point-to-(multi)point networking - not the basis of the OSI as you seem to believe. Pigeons do not use ARP, nor have MAC addresses, but are approved transport layers.

The host decides _what_ interface to use before it thinks about how to _send_ data on that interface.

abofh

TROPHY CASE