I have my VPC connected to our corporate network via Direct Connect (this is shared from our main account using Transit Gateways), using a firewall on my corporate network I am trying to port forward an EC2 instance. I have created Security groups for the instance and Network ACLs are set to Allow ALL 0/0.
Using flow logs on the network interface I can see the TCP SYN come through and then the server sending the SYN-ACK back out. But taking a LAN packet capture on the firewall I cant see the SYN-ACK coming back through the Direct Connect.
I should add internal traffic flows fine between AWS and Internal networks.
I am not a network engineer. What might I have missed?
