Hands-on Lab on Stateless and Stateful Security Rules in OCI
But it is still allowing "ping".
Not able to SSH.
It should be --> SSH (TCP/22)
We missed adding the port number, which is why we were not able to connect.
=====================================================================
Final Practical
This diagram illustrates network traffic flow through a stateless rule set (an OCI Security List whose rules are marked stateless) for an SSH connection (TCP port 22) between your local computer (MyCom) and an Oracle Cloud Infrastructure (OCI) instance.
Because the rules are stateless, the firewall keeps no connection table: you must explicitly define both the incoming request path and the outgoing reply path for the connection to work. (A stateful rule for the same port would track the connection and admit the reply on its own.)
1. Ingress / Inbound Rules (Top Arrow)
This rule controls the incoming request initiated from your local machine to the cloud server.
- Source: MyCom/All — traffic originates from your computer's IP address (or from any IP if the source is opened to "All", i.e. 0.0.0.0/0).
- Destination Port: 22 — traffic targets port 22 on the OCI instance, the standard port for SSH (Secure Shell) remote access.
2. Egress / Outbound Rules (Bottom Arrow)
Because stateless rules do not remember or automatically allow return traffic, you must also permit the return journey for the server's response.
- Source Port: 22 — the response traffic leaves the OCI instance from its SSH port.
- Destination: All — the server sends the data back to your computer. The destination port is left open ("All") because your local machine receives the reply on a randomly allocated dynamic port (an ephemeral port). A tighter rule keeps the source port fixed at 22 but restricts the destination port range to the ephemeral range (for example 1024-65535) and the destination address to the networks you actually connect from.
Key Takeaway
To establish a successful SSH connection through stateless OCI Security List rules, traffic must be permitted in both directions manually: incoming to port 22, and outgoing from port 22 back to your machine. If either half is missing, the TCP handshake fails: an ingress-only rule lets the SYN in but drops the SYN-ACK on the way out. A single stateful ingress rule for port 22 avoids this, because the return traffic is matched by connection tracking rather than by a second rule.
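To make the two-direction requirement concrete, the following added example (not code from the original post or from Oracle) models how a security list evaluates one SSH connection. It uses the rule shape of the OCI API (`isStateless`, `protocol` "6" for TCP, `tcpOptions` with `sourcePortRange` and `destinationPortRange`, rules split into `ingressSecurityRules` and `egressSecurityRules`) and compares three constructed security lists: a stateless ingress rule alone, a stateless ingress/egress pair with the tightened egress rule, and a single stateful ingress rule. The client addresses and the ephemeral port are assumed values chosen for the example.

```python
import ipaddress

# Full TCP port range; an absent port range in an OCI rule means "all ports".
ANY_PORTS = {"min": 1, "max": 65535}
TCP = "6"


def _port_in(port, port_range):
    rng = port_range or ANY_PORTS
    return rng["min"] <= port <= rng["max"]


def _cidr_match(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _rule_allows(rule, peer_cidr_key, proto, peer_ip, src_port, dst_port):
    """Does one rule permit a packet with the given peer address and ports?"""
    if rule["protocol"] not in ("all", proto):
        return False
    if not _cidr_match(peer_ip, rule[peer_cidr_key]):
        return False
    if proto == TCP:  # port ranges only apply to TCP/UDP rules
        opts = rule.get("tcpOptions") or {}
        return (_port_in(src_port, opts.get("sourcePortRange"))
                and _port_in(dst_port, opts.get("destinationPortRange")))
    return True


def ssh_allowed(security_list, client_ip, ephemeral_port=51234):
    """Return (request_ok, reply_ok) for client_ip:ephemeral -> instance:22."""
    request_ok = reply_ok = False
    for r in security_list["ingressSecurityRules"]:
        # Inbound SYN: from the client's ephemeral port to port 22.
        if _rule_allows(r, "source", TCP, client_ip, ephemeral_port, 22):
            request_ok = True
            if not r.get("isStateless"):
                reply_ok = True  # stateful: connection tracking admits the reply
    if request_ok and not reply_ok:
        for r in security_list["egressSecurityRules"]:
            # Outbound SYN-ACK: from port 22 back to the client's ephemeral port.
            if _rule_allows(r, "destination", TCP, client_ip, 22, ephemeral_port):
                reply_ok = True
    return request_ok, reply_ok


# Constructed security lists (assumed values, mirroring the diagram).
STATELESS_INGRESS_ONLY = {
    "ingressSecurityRules": [
        {"protocol": TCP, "source": "0.0.0.0/0", "isStateless": True,
         "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    ],
    "egressSecurityRules": [],
}

STATELESS_PAIR = {
    "ingressSecurityRules": [
        {"protocol": TCP, "source": "203.0.113.0/24", "isStateless": True,
         "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    ],
    "egressSecurityRules": [
        # Reply leaves from port 22 towards the client's ephemeral port range.
        {"protocol": TCP, "destination": "203.0.113.0/24", "isStateless": True,
         "tcpOptions": {"sourcePortRange": {"min": 22, "max": 22},
                        "destinationPortRange": {"min": 1024, "max": 65535}}},
    ],
}

STATEFUL_INGRESS = {
    "ingressSecurityRules": [
        {"protocol": TCP, "source": "203.0.113.0/24", "isStateless": False,
         "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    ],
    "egressSecurityRules": [],
}

if __name__ == "__main__":
    for name, sl in [("stateless ingress only", STATELESS_INGRESS_ONLY),
                     ("stateless pair", STATELESS_PAIR),
                     ("stateful ingress", STATEFUL_INGRESS)]:
        print(f"{name:24s} request/reply = {ssh_allowed(sl, '203.0.113.10')}")
```

The first list reproduces the failure from the lab: the request reaches port 22, but the reply has no egress rule to match and the handshake never completes. The second list is the diagram's two-rule fix, with the egress destination narrowed to the ephemeral range instead of "All"; the third shows that a stateful rule needs no egress counterpart.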
ICMP :-