This repository has been archived by the owner on Jul 20, 2024. It is now read-only.

SNAT not active #46

Open
jl-DaDar opened this issue Feb 17, 2022 · 0 comments

jl-DaDar commented Feb 17, 2022

It works somewhat, but not exactly...
In a private subnet instance I can telnet to google.com 443 and connect, but when I traceroute from there it doesn't work:

traceroute to google.com (142.250.66.110), 30 hops max, 60 byte packets
 1  ip-173-80-5-183.ap-east-1.compute.internal (173.80.5.183)  0.659 ms  0.638 ms  0.624 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

When I check the NAT instance I get the below:

[ec2-user@ip-173-80-8-231 ~]$ systemctl status snat
● snat.service - SNAT via ENI eth1
   Loaded: loaded (/etc/systemd/system/snat.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2022-02-17 05:18:20 UTC; 3min 58s ago
  Process: 2438 ExecStart=/opt/nat/snat.sh (code=exited, status=0/SUCCESS)
 Main PID: 2438 (code=exited, status=0/SUCCESS)

Feb 17 05:18:12 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + sysctl -q -w net.ipv4.conf.eth1.send_redirects=0
Feb 17 05:18:12 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + rm -f /etc/sysconfig/network-scripts/ifcfg-eth0
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + ip route del default dev eth0
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + curl --retry 10 http://www.example.com
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: Dload  Upload   Total   Spent    Left  Speed
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: 0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--...erver
Feb 17 05:18:13 ip-173-80-8-231.ap-east-1.compute.internal snat.sh[2438]: + systemctl restart amazon-ssm-agent.service
Feb 17 05:18:20 ip-173-80-8-231.ap-east-1.compute.internal systemd[1]: Started SNAT via ENI eth1.
Hint: Some lines were ellipsized, use -l to show in full.

But I do have internet access from the subnet.

jl-DaDar changed the title from "Not working for me somehow" to "SNAT not active" on Feb 18, 2022