Configure SNAT for a Linux ECS instance

Last Updated: Oct 08, 2018

This tutorial describes how to configure SNAT on a Linux ECS instance in a VPC so that the instance can access the Internet by using a server bound to an EIP as a proxy.

  1. Use SSH to log on to an ECS instance bound to an EIP.


  2. Run the following command to enable the IP forwarding function.

    sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf

    Note: If the default policy of the FORWARD chain is DROP, you also need to run the following command:

    iptables -I FORWARD -s <VPC CIDR block> -j ACCEPT

  3. Run the sysctl -p command to activate IP forwarding.


  4. Run the following command to add an SNAT rule to iptables.

    iptables -t nat -I POSTROUTING -s <VPC CIDR block> -j SNAT --to-source <ECS private IP address>

    Where: <VPC CIDR block> is the CIDR block of the VPC and <ECS private IP address> is the private IP address of the ECS instance.

  5. In the VPC, add the following route entry.


  6. Use the curl command to test the access.



    Disable the IP forwarding function and do the test again.
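
The sed command in step 2 changes nothing when /etc/sysctl.conf has no net.ipv4.ip_forward line or writes it without spaces, and the SNAT rule in step 4 is only correct when both of its values are well formed. The shell helpers below are an added example, not part of the original tutorial; the function names are hypothetical. The example goes beyond the page by handling a missing or differently spaced setting and by validating the CIDR block and private IP address before printing the rule.

```shell
#!/bin/sh
# Added example, not from the original tutorial; function names are hypothetical.

# set_ip_forward FILE VALUE: leave exactly one active
# "net.ipv4.ip_forward = VALUE" line in FILE, whether the setting was
# absent, spaced differently, or repeated.
set_ip_forward() {
    sf_file=$1 sf_value=$2
    case $sf_value in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 2 ;; esac
    [ -f "$sf_file" ] || { echo "no such file: $sf_file" >&2; return 1; }
    sf_tmp=$(mktemp) || return 1
    # Copy all but active ip_forward lines; grep exits 1 when nothing is left.
    grep -Ev '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$sf_file" > "$sf_tmp" \
        || [ $? -eq 1 ] || { rm -f "$sf_tmp"; return 1; }
    echo "net.ipv4.ip_forward = $sf_value" >> "$sf_tmp"
    cat "$sf_tmp" > "$sf_file"   # overwrite in place: keeps owner and mode
    rm -f "$sf_tmp"
}

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    ip_old=$IFS; IFS=.
    set -- $1
    IFS=$ip_old
    [ $# -eq 4 ] || return 1
    for ip_o in "$@"; do
        case $ip_o in ????*|0?*) return 1 ;; esac
        [ "$ip_o" -le 255 ] || return 1
    done
}

# is_cidr BLOCK: succeed for ADDR/LEN with a valid address and LEN 0-32.
is_cidr() {
    case $1 in */*/*) return 1 ;; */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case ${1#*/} in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# snat_rule VPC_CIDR PRIVATE_IP: print the step 4 command only when both
# values validate, so an empty or malformed argument never reaches iptables.
snat_rule() {
    is_cidr "$1" || { echo "bad VPC CIDR block: '$1'" >&2; return 2; }
    is_ipv4 "$2" || { echo "bad private IP address: '$2'" >&2; return 2; }
    echo "iptables -t nat -I POSTROUTING -s $1 -j SNAT --to-source $2"
}
```

Run set_ip_forward /etc/sysctl.conf 1 as root before sysctl -p in step 3, and set_ip_forward /etc/sysctl.conf 0 followed by sysctl -p for the negative test in step 6.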



