jack
Forum Moderator

Configure NAT Port Mapping in a VPC environment

Posted time: Dec 6, 2016 14:01 PM
In a VPC environment, to enable multiple back-end intranet hosts to provide external services with a limited number of EIPs, you can map the ports of hosts bound to the EIP to the back-end intranet hosts. The procedure is as follows:
1. Configure the mapping of EIP to the hosts as follows:
A. Enable kernel forwarding and modify the /etc/sysctl.conf file.


Run the "sysctl -p" command to make the setting take effect.
B. Configure iptables NAT mapping rules.
Run the following commands:
iptables -t nat -I PREROUTING -d 192.168.1.3 -p tcp --dport 80 -j DNAT --to 192.168.1.5:80
iptables -t nat -I POSTROUTING -d 192.168.1.5 -p tcp --dport 80 -j SNAT --to 192.168.1.3
Run the "iptables -t nat -nvL" command to check the result.


Note: In the preceding commands, 192.168.1.3 is the intranet IP address of the EIP-bound ECS host, and 192.168.1.5 is the intranet IP address of an intranet ECS host.
2. Test EIP access. Check whether the Web data of the intranet host is successfully forwarded. If yes, port mapping is successful.


If the problem persists, contact Alibaba Cloud After-Sales Technical Support.
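
The procedure above, generalized to several back-end hosts behind one EIP-bound host, as an added example that is not part of the original post. It only prints the rule pairs so they can be reviewed before being run as root. The EXT_PORT:BACKEND_IP:BACKEND_PORT mapping format, the function names and the second back-end 192.168.1.6 are assumptions of this example.

```shell
#!/bin/sh
# Added example: print the DNAT/SNAT rule pair from the post for each mapping.
# Dry run only; review the output, then run it as root on the EIP-bound host.
# Step A is assumed to be the standard key: net.ipv4.ip_forward = 1

# valid_ipv4 ADDR: succeeds if ADDR is a dotted-quad IPv4 address
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_nat_rules GATEWAY_IP MAPPING...
# MAPPING is EXT_PORT:BACKEND_IP:BACKEND_PORT (a format assumed for this example).
gen_nat_rules() {
    gw=$1; shift
    valid_ipv4 "$gw" || { echo "bad gateway IP: $gw" >&2; return 1; }
    seen=" "
    for m in "$@"; do    # pass 1: validate everything before printing anything
        ext=${m%%:*}; rest=${m#*:}; ip=${rest%%:*}; port=${rest#*:}
        valid_port "$ext" && valid_ipv4 "$ip" && valid_port "$port" ||
            { echo "bad mapping: $m" >&2; return 1; }
        # One external port on the gateway can lead to only one back-end.
        case "$seen" in *" $ext "*)
            echo "duplicate external port: $ext" >&2; return 1 ;;
        esac
        seen="$seen$ext "
    done
    for m in "$@"; do    # pass 2: emit the rule pair for each mapping
        ext=${m%%:*}; rest=${m#*:}; ip=${rest%%:*}; port=${rest#*:}
        # PREROUTING matches the external port; POSTROUTING sees the packet
        # after DNAT, so it matches the back-end address and port.
        echo "iptables -t nat -I PREROUTING -d $gw -p tcp --dport $ext -j DNAT --to $ip:$port"
        echo "iptables -t nat -I POSTROUTING -d $ip -p tcp --dport $port -j SNAT --to $gw"
    done
}

# Constructed sample: the post's mapping plus a second back-end (192.168.1.6).
gen_nat_rules 192.168.1.3 80:192.168.1.5:80 8080:192.168.1.6:80
```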