我们如何获得私有子网中的Apache实例?
组态
具有1个NAT实例的公有子网
有1个App实例的私有子网
细节
1.伪装是通过NAT打开的
iptables -t nat -A POSTROUTING -j MASQUERADE 2. PREROUTING通过启用
iptables -t nat -A PREROUTING -p tcp --port 80 -j DNAT --to-destination 10.0.10.102:80
3.在/proc/sys/net/ipv4/ip_forward启用端口转发
4. NAT和应用程序的安全组(将永远不会保留在生产,但纯粹是为了显示所有的端口是开放的)
Inbound All Traffic 0.0.0.0/0 Outbound All Traffic 0.0.0.0/0
5.networkingACL
Inbound All Ports 0.0.0.0/0 Outbound All Ports 0.0.0.0/0
6.为外部请求进行工作
ping google.com wget google.com
7. Apache正在监听私有子网中的App实例。
netstat -tulpn Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::80 :::* LISTEN -
Apachestream量
对私有子网上的Apache服务器的公共请求不起作用。
wget http://127.0.0.0.1/index.html => success # public IP requests wget http://xxx.xxx/index.html => failure Connecting to xxx.xxx:80... => hangs
从NAT主机terminal
sudo tcpdump -i any -n port 80 sudo: unable to resolve host ip-10-0-0-71 15:22:17.668089 IP 10.0.10.102.54033 > XXXX80: Flags [S], seq 848018267, win 26883, options [mss 8961,sackOK,TS val 19553465 ecr 0,nop,wscale 7], length 0 15:22:17.668111 IP 10.0.0.71.54033 > XXXX80: Flags [S], seq 848018267, win 26883, options [mss 8961,sackOK,TS val 19553465 ecr 0,nop,wscale 7], length 0
我们需要做些什么,Apache将从私有子网工作?