This repository was archived by the owner on Jul 20, 2024. It is now read-only.

SNAT not active #46

@jl-DaDar

It works somewhat, but not exactly.
In a private subnet instance I can telnet to google.com 443 and connect, but when I traceroute from there it doesn't work:

traceroute to google.com (142.250.66.110), 30 hops max, 60 byte packets
 1  ip-173-80-5-183.ap-east-1.compute.internal (173.80.5.183)  0.659 ms  0.638 ms  0.624 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

When I check the NAT instance I get the below:

[ec2-user@ip-173-80-8-231 ~]$ systemctl status snat
● snat.service - SNAT via ENI eth1
   Loaded: loaded (/etc/systemd/system/snat.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2022-02-17 05:18:20 UTC; 3min 58s ago
  Process: 2438 ExecStart=/opt/nat/snat.sh (code=exited, status=0/SUCCESS)
 Main PID: 2438 (code=exited, status=0/SUCCESS)

Feb 17 05:18:12 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + sysctl -q -w net.ipv4.conf.eth1.send_redirects=0
Feb 17 05:18:12 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + rm -f /etc/sysconfig/network-scripts/ifcfg-eth0
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + ip route del default dev eth0
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + curl --retry 10 http://www.example.com
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: Dload  Upload   Total   Spent    Left  Speed
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: 0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--...erver
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + systemctl restart amazon-ssm-agent.service
Feb 17 05:18:20 ip-173-80-8-231.ap-east-1.compute.internal systemd[1]: Started SNAT via ENI eth1.
Hint: Some lines were ellipsized, use -l to show in full.

But I do have internet access from the subnet.
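The output posted above mixes two different questions: whether the NAT instance is actually forwarding and masquerading, and whether traceroute is a usable test for it. The script below is an added illustration, not the repository's snat.sh, and it does not talk to the kernel itself: it takes the text that `sysctl net.ipv4.ip_forward`, `iptables-save -t nat`, `ip route` and `traceroute` print and checks the three forwarding preconditions separately (ip_forward on, a POSTROUTING MASQUERADE rule on the interface that carries the default route, and what the traceroute really shows). The sample inputs are constructed to match the issue; the gateway address 173.80.8.1 in the route sample is an assumption, since the route table is not shown in the post.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for a MASQUERADE-based NAT instance, run against
# captured command output so it works offline. On a real instance replace the
# constructed samples with:
#   sysctl net.ipv4.ip_forward ; iptables-save -t nat ; ip route ; traceroute -n <host>
set -u

# $1: `sysctl net.ipv4.ip_forward` output. Returns 0 when forwarding is on.
ip_forward_enabled() {
  printf '%s\n' "$1" | grep -qE '^net\.ipv4\.ip_forward *= *1$'
}

# $1: `ip route` output. Prints the device that carries the default route.
default_route_dev() {
  printf '%s\n' "$1" | awk '$1 == "default" {
    for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit }
  }'
}

# $1: `iptables-save -t nat` output, $2: interface name.
# Returns 0 when a POSTROUTING MASQUERADE rule leaves via that interface.
masquerade_on() {
  printf '%s\n' "$1" | grep -qE "^-A POSTROUTING( .*)? -o $2( .*)? -j MASQUERADE"
}

# $1: traceroute output. Prints one of: reached | first-hop-only | partial | no-reply
# "first-hop-only" is the pattern in the issue: the NAT instance answers, nothing after it does.
classify_traceroute() {
  printf '%s\n' "$1" | awk '
    /^traceroute to / { t = $4; gsub(/[(),]/, "", t); target = t }
    /^ *[0-9]+ / {
      if ($2 != "*") {
        answered++
        ip = ($3 ~ /^\(/) ? $3 : $2      # "(1.2.3.4)" with names, bare IP with -n
        gsub(/[()]/, "", ip)
        last = ip; last_hop = $1
      }
    }
    END {
      if (answered == 0)                        print "no-reply"
      else if (last == target)                  print "reached"
      else if (answered == 1 && last_hop == 1)  print "first-hop-only"
      else                                      print "partial"
    }'
}

# Combines the checks. Returns 1 when a NAT precondition is missing, 0 otherwise;
# the traceroute verdict is reported but never fails the check on its own.
diagnose() {
  local sysctl_out=$1 nat_out=$2 route_out=$3 trace_out=$4
  local dev verdict
  if ! ip_forward_enabled "$sysctl_out"; then
    echo "FAIL: net.ipv4.ip_forward is not 1; the kernel forwards nothing"; return 1
  fi
  dev=$(default_route_dev "$route_out")
  if [ -z "$dev" ]; then
    echo "FAIL: no default route on the NAT instance"; return 1
  fi
  if ! masquerade_on "$nat_out" "$dev"; then
    echo "FAIL: no POSTROUTING MASQUERADE rule on $dev (the default-route interface)"; return 1
  fi
  verdict=$(classify_traceroute "$trace_out")
  case $verdict in
    reached)        echo "OK: NAT configured and traceroute reached the target" ;;
    first-hop-only) echo "OK: NAT configured; only the NAT instance answered, later hops return no ICMP Time Exceeded (test with TCP instead)" ;;
    partial)        echo "OK: NAT configured; traceroute got part of the way" ;;
    no-reply)       echo "WARN: NAT configured but even hop 1 is silent; check the private subnet's route table" ;;
  esac
  return 0
}

# Constructed samples matching the issue (gateway 173.80.8.1 is assumed).
SYSCTL_SAMPLE='net.ipv4.ip_forward = 1'
NAT_SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'
ROUTE_SAMPLE='default via 173.80.8.1 dev eth1
173.80.8.0/24 dev eth1 proto kernel scope link src 173.80.8.231'
TRACE_SAMPLE='traceroute to google.com (142.250.66.110), 30 hops max, 60 byte packets
 1  ip-173-80-5-183.ap-east-1.compute.internal (173.80.5.183)  0.659 ms  0.638 ms  0.624 ms
 2  * * *
 3  * * *'

diagnose "$SYSCTL_SAMPLE" "$NAT_SAMPLE" "$ROUTE_SAMPLE" "$TRACE_SAMPLE"
```

Two points the script encodes. First, traceroute only works if every intermediate hop sends back an ICMP Time Exceeded; hops that do not (which is common inside a VPC and behind cloud fabrics that hide their internal routers) appear as `* * *`, so a trace that stops after the NAT instance is not by itself evidence that SNAT is failing, while the successful telnet to port 443 is evidence that TCP is being forwarded and masqueraded. Second, `Active: inactive (dead)` together with `status=0/SUCCESS` is how a `Type=oneshot` unit without `RemainAfterExit=yes` looks once its script has finished (the unit file is not shown in the post, so this is an assumption about snat.service); it does not mean the rules were removed. `iptables -t nat -S POSTROUTING` on the NAT instance shows whether the MASQUERADE rule is still loaded.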
