Hello, how are you?
I am having an inconvenient with a VPC Gateway, following the guide https://docs.digitalocean.com/products/networking/vpc/resources/droplet-as-gateway/ , I implemented all the steps, but by integrating a server within the vpc network and redirecting traffic through the gateway server, I have problems with my application that is running on apache, because only when I access the link works quickly and after that all HTTP requests are never called .
Design Implemented: https://docs.digitalocean.com/products/networking/vpc/resources/droplet-as-gateway/
I leave information of MTR Report from Server inside the VPC:
mtr --report google.com
Start: 2022-02-21T22:51:48+0000
HOST: vps-host Loss% Snt Last Avg Best Wrst StDev 1.|-- _gateway 0.0% 10 0.9 1.0 0.8 1.5 0.2
2.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
3.|-- www.xxx.yyy.zzz 0.0% 10 16.7 6.2 1.1 16.7 5.2
4.|-- www.xxx.yyy.zzz 0.0% 10 10.3 4.4 1.9 10.3 3.7
5.|-- www.xxx.yyy.zzz 0.0% 10 1.7 3.8 1.3 23.0 6.8
6.|-- www.xxx.yyy.zzz 0.0% 10 2.1 2.3 2.0 3.6 0.5
7.|-- www.xxx.yyy.zzz 0.0% 10 2.0 18.8 1.9 166.0 51.7
8.|-- www.xxx.yyy.zzz 0.0% 10 2.8 2.9 2.7 3.2 0.2
9.|-- www.xxx.yyy.zzz 0.0% 10 3.0 2.9 2.8 3.0 0.1
10.|-- lga25s81-in-f14.1e100.net 0.0% 10 2.8 3.4 2.8 8.1 1.7
I leave information of MTR Report from gateway:
mtr --report google.com
Start: 2022-02-21T22:54:56+0000
HOST: vps-gateway Loss% Snt Last Avg Best Wrst StDev 1.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
2.|-- www.xxx.yyy.zzz 0.0% 10 0.5 0.7 0.5 1.2 0.2
3.|-- www.xxx.yyy.zzz 0.0% 10 0.8 3.8 0.8 27.6 8.4
4.|-- www.xxx.yyy.zzz 0.0% 10 0.7 0.8 0.6 1.2 0.1
5.|-- www.xxx.yyy.zzz 0.0% 10 0.9 1.0 0.9 1.4 0.1
6.|-- www.xxx.yyy.zzz 0.0% 10 1.3 1.4 1.2 1.8 0.2
7.|-- www.xxx.yyy.zzz 0.0% 10 1.9 2.0 1.9 2.2 0.1
8.|-- www.xxx.yyy.zzz 0.0% 10 1.8 1.9 1.8 2.2 0.1
9.|-- lga25s79-in-f14.1e100.net 0.0% 10 1.9 1.9 1.8 2.3 0.1
I look forward to hearing from you, thank you!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Heya,
Based on the MTR reports you’ve provided:
-
MTR Report Observations:
- From the server inside the VPC, there’s 100% loss at hop 2, which appears to be the gateway. However, traffic seems to recover after that.
- The gateway itself has no problem reaching google.com directly.
-
Possible Issues:
- Gateway Configuration: The first and most obvious point of failure could be the gateway droplet configuration, specifically the
iptablesrules for NAT (Network Address Translation) and forwarding. - Apache Configuration: If the application on Apache is the only one experiencing issues (i.e., other services or pings work fine), there might be a configuration problem with Apache itself or the application you’re running on it.
- Gateway Configuration: The first and most obvious point of failure could be the gateway droplet configuration, specifically the
-
Troubleshooting Steps:
- Check Gateway Configuration: Ensure that you have enabled IP forwarding and properly set up NAT on your gateway droplet:
sudo sysctl net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- Check Routes: On the server inside the VPC, check the default route with
ip route show. Ensure the gateway is correctly set to the private IP address of your gateway droplet. - Check Application Logs: Look at the Apache error and access logs. They might provide insights into why requests to your application are failing.
- Firewall: Ensure there are no
ufworiptablesrules on both the VPC server and the gateway that might be causing the problem. - Service Check: Restart the Apache service to see if that resolves any hitches.
- Diagnostics: Run diagnostics on the server inside the VPC:
- Check if there are any packet drops with
netstat -s. - Usetcpdumpto inspect packets and see if anything stands out as problematic, especially when you try to access your application.- Alternative Route: As a diagnostic step, try bypassing the gateway temporarily to see if your application works without it. If everything works fine without the gateway, then the problem is likely in the NAT or routing configuration. If the problem persists, then the issue might be local to your Apache setup or application.
-
Remember:
- Any changes made to
iptablesmight be lost upon reboot unless saved. You can useiptables-persistentto ensure they persist. - If you’ve altered any configurations while troubleshooting, always remember to revert changes if they don’t lead to a solution to avoid introducing more problems.
- Any changes made to
If after these steps you’re still encountering issues, it would be beneficial to get more specific information about your Apache configuration, the nature of the application, and more specifics about the networking setup.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.