
Configure SNAT for a Linux ECS instance

Last Updated: Apr 28, 2018

This tutorial describes how to configure SNAT on a Linux ECS instance in a VPC so that an instance in the VPC can access the Internet through an ECS instance that is bound to an EIP and acts as its proxy.

  1. Use SSH to log on to an ECS instance bound to an EIP.


  2. Run the following command to enable the IP forwarding function.

    sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf

    Note: If the default policy of the FORWARD chain is set to DROP, you also need to run the following commands:

    iptables -A FORWARD -d 172.16.3.0/24 -j ACCEPT
    iptables -A FORWARD -s 172.16.3.0/24 -j ACCEPT

  3. Run the sysctl -p command to apply the IP forwarding setting.


  4. Run the following command to add an SNAT rule to iptables.

    iptables -t nat -I POSTROUTING -s 172.16.3.0/24 -j SNAT --to-source 172.16.3.2

    Here, 172.16.3.0/24 is the CIDR block of the VPC and 172.16.3.2 is the private IP address of the ECS instance.

  5. In the VPC, add the following route entry.


  6. Use the curl command to test the access.


    Disable the IP forwarding function and do the test again.
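
Steps 2 to 4 as one re-runnable script, added here as an example that is not part of the original tutorial: it also covers an /etc/sysctl.conf where the key is missing or written without spaces (which the sed command in step 2 leaves unchanged) and checks with iptables -C before adding a rule. The function names are hypothetical; the CIDR block and private IP address are the tutorial's sample values.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Function names are
# hypothetical; the addresses are the tutorial's sample values.
VPC_CIDR="172.16.3.0/24"   # CIDR block of the VPC
SNAT_IP="172.16.3.2"       # private IP address of the EIP-bound instance

# Step 2: set net.ipv4.ip_forward = 1 in the given sysctl file, also when the
# key is missing, commented out, or written as "net.ipv4.ip_forward=0".
set_ip_forward() {
    conf="$1"
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$conf"; then
        sed -i -E 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 1/' "$conf"
    else
        printf '\nnet.ipv4.ip_forward = 1\n' >> "$conf"
    fi
}

# Succeeds only if the last uncommented ip_forward setting in the file is 1.
ip_forward_enabled() {
    val=$(sed -n -E 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*([01]).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# Add a rule (action -A or -I) only if iptables -C reports it is not present,
# so re-running the script does not stack duplicate rules.
ensure_rule() {
    table="$1"; chain="$2"; action="$3"; shift 3
    iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
        iptables -t "$table" "$action" "$chain" "$@"
}

apply_snat() {
    set_ip_forward /etc/sysctl.conf && ip_forward_enabled /etc/sysctl.conf || return 1
    sysctl -p                                               # step 3
    ensure_rule filter FORWARD -A -d "$VPC_CIDR" -j ACCEPT  # note in step 2
    ensure_rule filter FORWARD -A -s "$VPC_CIDR" -j ACCEPT
    ensure_rule nat POSTROUTING -I -s "$VPC_CIDR" -j SNAT --to-source "$SNAT_IP"  # step 4
}

# Run as root with the argument "apply" to change the system.
if [ "${1:-}" = "apply" ]; then apply_snat; fi
```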

