What Should I Do If My ECS Fails to Access a Server on the Public Network Through a Public NAT Gateway?

TCP connection may fail when an ECS accesses a server on the public network through an SNAT rule. Perform the following steps to locate the fault cause:

1. Run the following command to check whether tcp_tw_recycle is enabled on the remote server:

   sysctl -a|grep tcp_tw_recycle

   If tcp_tw_recycle is set to 1, tcp_tw_recycle is enabled.

2. Run the following command to check the number of lost packets of the remote server:

   cat /proc/net/netstat | awk '/TcpExt/ { print $21,$22 }'

   If ListenDrops is not set to 0, packet loss occurs, that is, the network is faulty.

Method 2: Modifying the kernel parameter of the local client

• To temporarily modify parameters (the settings become invalid after the local client is restarted), configure the parameter as follows:

  sysctl -w net.ipv4.tcp_timestamps=0

• Perform the following operations to permanently modify the parameters:
  1. Modify the /etc/sysctl.conf file:

     vi /etc/sysctl.conf

     Add the following content to the file:

     net.ipv4.tcp_timestamps=0

  2. Press Esc, enter :wq!, and save the file and exit.
  3. Run the following command to make the modification take effect:

     sysctl -p