Help Center/ NAT Gateway/ User Guide (Paris Region) / FAQs/ SNAT Rules/ What Should I Do If My ECS Fails to Access a Server on the Public Network Through a NAT Gateway?
Updated on 2024-03-30 GMT+08:00

What Should I Do If My ECS Fails to Access a Server on the Public Network Through a NAT Gateway?

TCP connection may fail when an ECS accesses a server on the public network through an SNAT rule. Perform the following steps to locate the fault cause:

  1. Run the following command to check whether tcp_tw_recycle is enabled on the remote server:

    sysctl -a|grep tcp_tw_recycle

    If tcp_tw_recycle is set to 1, tcp_tw_recycle is enabled.

  2. Run the following command to check the number of lost packets of the remote server:

    cat /proc/net/netstat | awk '/TcpExt/ { print $21,$22 }'

    If ListenDrops is not set to 0, packet loss occurs, that is, the network is faulty.

Troubleshooting

Method 1: Modifying the kernel parameter of the remote server

  • Run the following command to temporarily modify the parameters (the modification becomes invalid after the server is restarted):

    sysctl -w net.ipv4.tcp_tw_recycle=0

  • Perform the following operations to permanently modify the parameters:
    1. Modify the /etc/sysctl.conf file:

      vi /etc/sysctl.conf

      Add the following content to the file:

      net.ipv4.tcp_tw_recycle=0

    2. Press Esc, enter :wq!, and save the file and exit.
    3. Run the following command to make the modification take effect:

      sysctl -p

Method 2: Modifying the kernel parameter of the local client

  • To temporarily modify parameters (the settings become invalid after the local client is restarted), configure the parameter as follows:

    sysctl -w net.ipv4.tcp_timestamps=0

  • Perform the following operations to permanently modify the parameters:
    1. Modify the /etc/sysctl.conf file:

      vi /etc/sysctl.conf

      Add the following content to the file:

      net.ipv4.tcp_timestamps=0

    2. Press Esc, enter :wq!, and save the file and exit.
    3. Run the following command to make the modification take effect:

      sysctl -p