How Can I Configure Port Redirection?

Requirement

It is expected that the EIP and port on ECS 1 accessed from the Internet can be automatically redirected to the EIP and port on ECS 2.

Linux

For example, to redirect port 1080 on ECS 1 to port 22 on ECS 2 with the following configurations:

Private IP address and EIP of ECS 1: 192.168.72.10 and 123.xxx.xxx.456

Private IP address of ECS 2: 192.168.72.20

• Ensure that the desired ports have been enabled on the ECS security group and firewall.
• Ensure that the source/destination check function is disabled.

  On the ECS details page, click Network Interfaces and disable Source/Destination Check.

  By default, the source/destination check function is enabled. When this function is enabled, the system checks whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This mechanism prevents packet spoofing, thereby improving system security. However, this mechanism prevents the packet sender from receiving returned packets. Therefore, disable the source/destination check.

1. Log in to Linux ECS 1.
   1. Run the following command to modify the configuration file:

      vi /etc/sysctl.conf

   2. Add net.ipv4.ip_forward = 1 to the file.
   3. Run the following command to complete the modification:

      sysctl -p /etc/sysctl.conf

2. Run the following commands to add rules to the nat table in iptables so that the access to port 1080 on ECS 1 can be redirected to port 22 on ECS 2:

   iptables -t nat -A PREROUTING -d 192.168.72.10 -p tcp --dport 1080 -j DNAT --to-destination 192.168.72.20:22

   iptables -t nat -A POSTROUTING -d 192.168.72.20 -p tcp --dport 22 -j SNAT --to 192.168.72.10

3. Run the following command to log in to port 1080 on ECS 1 for check:

   ssh -p 1080 123.xxx.xxx.456

   Figure 1 Port redirections on Linux
   

   Enter the password to log in to ECS 2 with hostname ecs-inner.

   Figure 2 Logging in to ECS 2