This tutorial introduces how to configure SNAT on a Linux ECS instance in a VPC so that the instance can access the Internet through the proxy of a server bound with an EIP.
Use SSH to log on to an ECS instance bound with an EIP.
Run the following command to enable the IP forwarding function.
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
Note: If the default policy of the FORWARD chain is set to DROP, you also need to run the following commands:
iptables -A FORWARD -d 172.16.3.0/24 -j ACCEPT
iptables -A FORWARD -s 172.16.3.0/24 -j ACCEPT
Run the sysctl -p command to activate IP forwarding.
Run the following command to add a SNAT rule to iptables.
iptables -t nat -I POSTROUTING -s 172.16.3.0/24 -j SNAT --to-source 172.16.3.2
Where: 172.16.3.0/24 is the CIDR block of the VPC and 172.16.3.2 is the private IP address of the ECS instance.
In the VPC, add the following route entry.
Run the curl command to test the access.
Disable the IP forwarding function and do the test again.
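To confirm the state these steps leave on the EIP-bound instance, the following added example (not part of the original tutorial) audits iptables-save output for the SNAT rule, the FORWARD chain policy and the forwarding flag. The function name check_snat_gateway and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a SNAT gateway from `iptables-save` output on stdin.
# Usage on a live host (as root):
#   iptables-save | check_snat_gateway "$(sysctl -n net.ipv4.ip_forward)" 172.16.3.0/24 172.16.3.2
check_snat_gateway() {  # args: ip_forward value, CIDR, SNAT source IP
    awk -v fwd="$1" -v cidr="$2" -v src="$3" '
        /^\*/ { table = substr($0, 2); next }        # table header, e.g. *nat
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT$/ {
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i + 1) == cidr) from_ok = 1
                if ($i == "-d" && $(i + 1) == cidr) to_ok = 1
            }
        }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            s = j = t = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i + 1) == cidr) s = 1
                if ($i == "-j" && $(i + 1) == "SNAT") j = 1
                if ($i == "--to-source" && $(i + 1) == src) t = 1
            }
            if (s && j && t) snat = 1
        }
        END {
            if (fwd != 1) { print "FAIL: net.ipv4.ip_forward is not 1"; bad = 1 }
            if (!snat) { print "FAIL: no SNAT rule for " cidr " --to-source " src; bad = 1 }
            if (policy == "DROP" && !(from_ok && to_ok)) {
                print "FAIL: FORWARD policy is DROP without ACCEPT rules for " cidr; bad = 1
            }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed iptables-save output (not captured from a real host).
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 172.16.3.0/24 -j ACCEPT
-A FORWARD -s 172.16.3.0/24 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.3.0/24 -j SNAT --to-source 172.16.3.2
COMMIT'

printf '%s\n' "$SAMPLE" | check_snat_gateway 1 172.16.3.0/24 172.16.3.2
```

After the final step (IP forwarding disabled), the same check reports the forwarding flag as the failing item, which matches the failed curl test.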