This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Other Technologies Network technology Alibaba Cloud builds SNAT to achieve access to the public network without a public server.
View: 1095|Reply: 3

[Router] Alibaba Cloud has built SNAT to access the public network without a public server

[Copy link]
Posted on 2025-3-13 09:26:58 | | | |
Requirements: Alibaba Cloud has purchased two ECS servers, one server (name: A) has a public network, and the other server (name: B) has no public network, A and B are both in the same region and the same network segment, and A and B are both Linux systems. Server B needs to use Server A to access the external network, download some software, etc. Purchased two servers for testing (ecs.n1.tiny

itsvse-net-y (alias A): has a public IP address, private network address: 192.168.80.168
itsvse-net-n (alias B): No public IP address, private network address: 192.168.80.169



SNAT is built to enable ECS without a public IP address to access the public network in the same VPC.

A server

Enable IP forwarding and take effect, and use iptables to configure SNAT rules to forward traffic from server B through the public IP address of server A. eth0 is the name of the external network card of server A (which can be confirmed by the ip addr command). The command is as follows:


B server

Alibaba Cloud routing table configuration, find the switch corresponding to server B, and then add the route entry, as follows:



The test is shown below:



Reference:
The hyperlink login is visible.
The hyperlink login is visible.




Previous:Node.js Read all files under the folder (including subfolders)
Next:Linux View Network Bandwidth Usage (Real-time Traffic)

Related Posts
 Landlord| Posted on 2025-3-13 09:27:53 |
Add a routing table (This article does not require setup





 Landlord| Posted on 2025-9-22 09:53:50 |
MASQUERADE will dynamically convert the source address into a usable IP address, which is actually exactly the same as the function implemented by SNAT, which is to modify the source address, but SNAT needs to specify which IP to change the source address of the packet, while MASQUERADE does not need to specify a clear IP, and will dynamically modify the source address of the packet to the IP address available on the specified network card.

MASQUERADE is often required when multiple intranet devices are shared on a single device using one VPN
 Landlord| Posted on 2025-11-28 11:46:48 |
NAT (Network Address Translation) Network Address Translation
https://www.itsvse.com/thread-11141-1-1.html
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com