How Do I Configure Port Mapping?
Symptom
It is expected that the EIP and port on ECS 1 accessed from the public network can be automatically redirected to the EIP and port on ECS 2.
Linux
For example, to redirect port 1080 on ECS 1 to port 22 on ECS 2 with the following configurations:
Private IP address and EIP of ECS 1: 192.168.72.10 and 123.xxx.xxx.456
Private IP address of ECS 2: 192.168.72.20
- Ensure that the desired ports have been enabled on the ECS security group and firewall.
- Ensure that the source/destination check function is disabled.
On the ECS details page, click Network Interfaces and disable Source/Destination Check.
By default, the source/destination check function is enabled. When this function is enabled, the system checks whether source IP addresses contained in the packets sent by ECSs are correct. If the IP addresses are incorrect, the system does not allow the ECSs to send the packets. This mechanism prevents packet spoofing, thereby improving system security. However, this mechanism prevents the packet sender from receiving returned packets. You need to disable the source/destination check.
- Log in to Linux ECS 1.
- Run the following commands to add rules to the nat table in iptables so that the access to port 1080 on ECS 1 can be redirected to port 22 on ECS 2:
iptables -t nat -A PREROUTING -d 192.168.72.10 -p tcp --dport 1080 -j DNAT --to-destination 192.168.72.20:22
iptables -t nat -A POSTROUTING -d 192.168.72.20 -p tcp --dport 22 -j SNAT --to 192.168.72.10
- Run the following command to log in to port 1080 on ECS 1 for check:
ssh -p 1080 123.xxx.xxx.456
Figure 1 Port redirections on Linux
Enter the password to log in to ECS 2 with hostname ecs-inner.
Figure 2 Logging in to ECS 2
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
