我已经在两个独立的AWS账户中设置了两个NAT框,并给予必要的安全组权限,以允许两个实例进行对话。
在帐户AI有一个服务需要与帐户B中的服务对话。我们希望通过跨帐户对等来实现这一点,但是我们不能自动执行此过程,所以我们在每个帐户中设置一个NAT实例永久对等连接。
我们需要这些NAT实例将来自账户A中的应用程序的所有stream量路由到账户B中的应用程序。
我相信这将是iptable规则,但经过大量的search,我还没有find明确的答案。
NAT 1 ipconfig:
eth0 Link encap:Ethernet HWaddr 06:FF:01:29:D1:21 inet addr:172.32.34.87 Bcast:172.32.34.255 Mask:255.255.255.0 inet6 addr: fe80::4ff:1ff:fe29:d121/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1 RX packets:5198 errors:0 dropped:0 overruns:0 frame:0 TX packets:2136 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5160072 (4.9 MiB) TX bytes:262514 (256.3 KiB) eth0:0 Link encap:Ethernet HWaddr 06:FF:01:29:D1:21 inet addr:172.0.0.0 Bcast:172.0.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1 NAT 2 ipconfig:
eth0 Link encap:Ethernet HWaddr 0A:5F:05:58:5D:FF inet addr:172.32.2.219 Bcast:172.32.2.255 Mask:255.255.255.0 inet6 addr: fe80::85f:5ff:fe58:5dff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1 RX packets:32937 errors:0 dropped:0 overruns:0 frame:0 TX packets:5062 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:41548363 (39.6 MiB) TX bytes:412053 (402.3 KiB)
iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
应用程序与10.xxx ifconfig:
eth0 Link encap:Ethernet HWaddr 0a:75:f6:ee:f9:9f inet addr:10.105.5.51 Bcast:10.105.5.255 Mask:255.255.255.0 inet6 addr: fe80::875:f6ff:feee:f99f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1 RX packets:3098043 errors:0 dropped:0 overruns:0 frame:0 TX packets:1907079 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1593259614 (1.5 GB) TX bytes:272469079 (272.4 MB)
它只是设置了默认的iptables。