I followed this tutorial to set up a gateway server and VPC-only backend server (I’ll refer to them as GW and BE for brevity’s sake). However, after removing the public IP from the netplan file in the last step of the BE configuration guide, the backend server cannot access the internet at all. For whatever reason it seems the backend server is not successfully using the GW as a proxy to access the web. Whenever I try to ping a site (i.e. google.com) from the BE it gives me the error: “Temporary failure in name resolution.”

I know some people have had trouble getting this configuration to work because UFW was blocking routing requests on the GW server, but the results are the same for me even if I disable UFW on both servers. I know the GW and BE are connected in the network because I can ping the BE via its private IP from the GW. Any help with why this isn’t working would be greatly appreciated. I also don’t know how to troubleshoot where in the rerouting process the problem is occurring, so tips in that vein would be useful as well.

1 answer

Hi,

Let’s make some assumptions:

  1. Both GW and BE use their eth1 interfaces in the VPC
  2. The VPC subnet is 10.106.0.0/20
  3. GW eth1 IP address is 10.106.0.2
  4. BE eth1 IP address is 10.106.0.3

1. Check whether BE’s routing table contains a default route via GW. Run the below command:

ip route show

Output
default via 10.106.0.2 dev eth1 proto static
10.16.0.0/16 dev eth0 proto kernel scope link src 10.16.0.6
10.106.0.0/20 dev eth1 proto kernel scope link src 10.106.0.3
...

If this route is not present, check the network configuration file /etc/netplan/50-cloud-init.yaml. Here is an example of the content of this file:

/etc/netplan/50-cloud-init.yaml
network:
    version: 2
    ethernets:
        eth0:
            addresses:
            - 444.333.222.111/20
            - 10.16.0.6/16
            match:
                macaddress: b2:c3:d4:e5:f0:ef
            nameservers:
                addresses:
                - 67.207.67.2
                - 67.207.67.3
                search: []
            set-name: eth0
        eth1:
            addresses:
            - 10.106.0.3/20
            match:
                macaddress: 8a:7b:6c:5b:f6:aa
            nameservers:
                addresses:
                - 67.207.67.2
                - 67.207.67.3
                search: []
            routes:
            - to: 0.0.0.0/0
              via: 10.106.0.2
            set-name: eth1

The added routes section is highlighted. Double-check the indentation. It must be consistent. To check it, run the command below:

sudo netplan apply --debug

If there is any issue related to improper indentation, you will get a message like this:

Output
/etc/netplan/50-cloud-init.yaml:35:13: Invalid YAML: inconsistent indentation:
            - to: 0.0.0.0/0
            ^

I hope it helps.
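
The route check from step 1 of the answer above, as an added example that is not part of the original answer: a shell function that reads `ip route show` output on stdin and classifies the default route against the expected gateway and interface. It goes slightly beyond the answer by also flagging a second, competing default route; the function name, return codes, and the constructed sample tables (including the 203.0.113.1 gateway) are assumptions for illustration.

```shell
#!/bin/sh
# Added example. On the BE: ip route show | check_default_route 10.106.0.2 eth1
# Return codes (hypothetical convention):
#   0 = the only default route goes via the expected gateway and device
#   1 = no default route at all
#   2 = a default route exists, but none goes via the expected gateway/device
#   3 = expected route present, but another default route competes with it
check_default_route() {
    awk -v gw="$1" -v dev="$2" '
        $1 == "default" {
            total++
            via = ""; d = ""
            # Walk the key/value pairs that follow "default".
            for (i = 2; i < NF; i++) {
                if ($i == "via") via = $(i + 1)
                if ($i == "dev") d = $(i + 1)
            }
            if (via == gw && d == dev) matched++
        }
        END {
            if (total == 0) exit 1
            if (matched == 0) exit 2
            if (total > matched) exit 3
            exit 0
        }'
}

# Routing table from the answer above (expected state).
ROUTES_OK='default via 10.106.0.2 dev eth1 proto static
10.16.0.0/16 dev eth0 proto kernel scope link src 10.16.0.6
10.106.0.0/20 dev eth1 proto kernel scope link src 10.106.0.3'

# Constructed sample: routes section missing from netplan, so no default route.
ROUTES_MISSING='10.16.0.0/16 dev eth0 proto kernel scope link src 10.16.0.6
10.106.0.0/20 dev eth1 proto kernel scope link src 10.106.0.3'

# Constructed sample: a second default route on eth0 is still present.
ROUTES_COMPETING='default via 203.0.113.1 dev eth0 proto static
default via 10.106.0.2 dev eth1 proto static
10.106.0.0/20 dev eth1 proto kernel scope link src 10.106.0.3'

for sample in "$ROUTES_OK" "$ROUTES_MISSING" "$ROUTES_COMPETING"; do
    rc=0
    printf '%s\n' "$sample" | check_default_route 10.106.0.2 eth1 || rc=$?
    echo "result code: $rc"
done
```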