Versions Compared

Old Version 2

changes.mady.by.user Anna Liao

Saved on

compared with

New Version 3

changes.mady.by.user Anna Liao

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Create a security group for the proxy instance. The security group will need to allow access to the instance itself, and ports that are to be forwarded to internal groups. Name the group Proxy:

...

  1.  

    Code Block
    Rule: Custom TCP Rule:

...

  1. 
Open Port: Port

...

  1. 
Port: 22

...

  1. 
Remote: CIDR

...

  1. 
CIDR: 0.0.0.0/0

...

  1. 


Rule: Custom TCP Rule:

...

  1. 
Open Port: Port

...

  1. 
Port: 2200

...

  1. 
Remote: CIDR

...

  1. 
CIDR: 0.0.0.0/0

...

  1. 


Rule: Custom TCP Rule:

...

  1. 
Open Port: Port

...

  1. 
Port: 80

...

  1. 
Remote: CIDR

...

  1. 
CIDR: 0.0.0.0/0

           

...

  1.   

  2. Create a security group for the internal instances named Internal: 

    Code Block
    Rule: Custom TCP Rule:

...

  1. 
Open Port: Port Range

...

  1. 
From Port: 1

...

  1. 
To Port: 65535

...

  1. 
Remote: Security Group

...

  1. 
Security Group: Proxy

...

...
  1.  
...
  1. Launch the proxy instance:
...
  1.  
    Image: Ubuntu 14.04
     Flavor: m1.tiny
     Security groups: Proxy
     Key pair: pre-generated
...
 Status
colourBlue
titleNote
...
  1. (https://wiki.cybera.ca/display/RAC/Part+1+-+Basic+Guide%3A+Using+the+Cybera+Rapid+Access+Cloud#Part1-BasicGuide:UsingtheCyberaRapidAccessCloud-CreateaKeyPair)
     Note
    The proxy instance must be provisioned from the Ubuntu 14.04 image, as it contains pre-built scripts that enable proxy functionality.
 
...
  1. Launch internal instance:
...
  1.  
...
  1. Image: Ubuntu 14.04
...
  1.  Flavor: m1.small
...
  1.  Security Groups: Internal
...
  1.  Key pair: pre-generated
...
 
...
  1. (https://wiki.cybera.ca/display/RAC/Part+1+-+Basic+Guide%3A+Using+the+Cybera+Rapid+Access+Cloud#Part1-BasicGuide:UsingtheCyberaRapidAccessCloud-CreateaKeyPair)
  2. Allocate and associate a floating IP to the proxy instance.
...
 
...
...
  1. Log-in to the proxy instance.
 
 
...
  1. Add the following lines to /etc/rac-iptables.sh to permit network address translation (NAT) forwarding to the internal instance. You must be root to modify rac-iptables.sh:
...
  1.  
     Code Block
    iptables -t nat -A PREROUTING -p tcp --dport 2200 -j DNAT --to-destination <private_ip_internal_instance>:22
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <private_ip_internal_instance>:80
...
  1. Run /usr/local/bin/proxyServer to enable IP forwarding, enable the rules added in step 7 to run at boot, and load those same rules immediately.
...
  1. Log-in to the internal instance via the proxy instance. Make sure you specify port 2200, else you will only ssh to the proxy:
...
  1.  
     Code Block
     $ ssh -p 2200 -i /path/to/<private_key> ubuntu@<floating_ip>
...
  1. Install apache on the internal instance: 
     Code Block
...
  1. $ sudo apt-get update && sudo apt-get install -y apache2
You can now browse to the default apache page using the floating IP address. Just as the ssh session is forwarded to the internal instance via the rules specified in step 7 above, the browser will connect to port 80 on the proxy instance and be forwarded to port 80 of the internal instance.
...