When you configure an instance that will forward packets, you need to change an option. The option name depends on the cloud vendor. Typical examples are a VPN or NAT instance.
Normally an instance is the source or destination of traffic. However, when the instance is serving as a router, it can receive traffic that is destined for another system (forwarding). If Source / Destination Check is enabled (AWS), or IP Forwarding is disabled (Google), those packets will be dropped by the cloud network before they reach the guest. When forwarding IP packets, the traffic goes through the instance.
AWS
In AWS, you need to disable “Source / Destination Check”. This option can be changed at any time, even while the instance is running.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
Google
In Google, you need to enable “IP Forwarding”. This option can only be enabled when you create an instance. You cannot change this setting later.
https://cloud.google.com/vpc/docs/using-routes
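As an added example (not the author's code), the following POSIX shell script applies each vendor's setting, reads it back to confirm it took effect, and enables forwarding in the guest kernel, which the cloud-side setting alone does not do. The instance ID, name and zone it takes are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post. Instance IDs, names and
# zones passed in are placeholders.
set -eu

# AWS: Source/Destination Check is an ENI attribute; setting it on the
# instance applies to the primary ENI. Returns 0 only when the check is
# confirmed disabled after the change.
aws_disable_source_dest_check() {
  instance_id=$1
  aws ec2 modify-instance-attribute \
      --instance-id "$instance_id" --no-source-dest-check
  state=$(aws ec2 describe-instance-attribute \
      --instance-id "$instance_id" --attribute sourceDestCheck \
      --query 'SourceDestCheck.Value' --output text)
  [ "$state" = "False" ]
}

# Secondary ENIs (e.g. a NAT instance with a separate inside interface)
# carry their own check and must be changed individually.
aws_disable_eni_source_dest_check() {
  aws ec2 modify-network-interface-attribute \
      --network-interface-id "$1" --no-source-dest-check
}

# Google: canIpForward cannot be changed after creation, so it has to be
# part of the create call; describe confirms it before routes point here.
gcp_create_forwarding_instance() {
  name=$1; zone=$2
  gcloud compute instances create "$name" --zone "$zone" --can-ip-forward
  state=$(gcloud compute instances describe "$name" --zone "$zone" \
      --format='value(canIpForward)')
  [ "$state" = "True" ]
}

# The cloud setting only lets foreign-destination packets reach the NIC;
# the guest kernel must also be told to forward them (persistently).
enable_kernel_forwarding() {
  printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-forwarding.conf
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  [ "$(sysctl -n net.ipv4.ip_forward)" = "1" ]
}

if [ $# -gt 0 ]; then
  case $1 in
    aws)    aws_disable_source_dest_check "$2" ;;
    gcp)    gcp_create_forwarding_instance "$2" "$3" ;;
    kernel) enable_kernel_forwarding ;;
  esac
fi
```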
I design software for enterprise-class systems and data centers. My background is 30+ years in storage (SCSI, FC, iSCSI, disk arrays, imaging) and virtualization, and 20+ years in identity, security, and forensics.
For the past 14+ years, I have been working in the cloud (AWS, Azure, Google, Alibaba, IBM, Oracle) designing hybrid and multi-cloud software solutions. I am an MVP/GDE with several of them.