3 # Configure the instance to run as a Port Address Translator (PAT) to provide
4 # Internet connectivity to private instances.
12 echo "$@" | /usr
/bin
/logger
-t 'ec2-pat'
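# Look up the MAC address of ${IF}. The address selects this interface's
# subtree in the instance metadata service, where the VPC CIDR block is read
# from. IF is assigned outside the lines shown in this listing.
echo "Determining the MAC address on ${IF}"

# One awk stage replaces the grep | awk pair. The exit status of a command
# substitution is that of the last pipeline stage, and awk exits 0 even when
# nothing matched, so `if ! IF_MAC=$(...)` can never detect a failure. The
# value itself is checked instead.
IF_MAC=$(/sbin/ip address show dev "${IF}" |
  /bin/awk '/link\/ether/ { print tolower($2) }')

# The MAC is interpolated into a metadata URL, so accept only lowercase hex
# digits and colons. An empty value means the device or its address was not
# found. Stop here: every later step depends on this value.
case "${IF_MAC}" in
  '' | *[!0-9a-f:]*)
    log "Unable to determine MAC address on ${IF}"
    exit 1
    ;;
esac

log "Found MAC: ${IF_MAC} on ${IF}"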
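# Read the VPC IPv4 CIDR block for this interface from the instance metadata
# service. The result becomes the source match of the MASQUERADE rule.
VPC_CIDR_URI="http://169.254.169.254/latest/meta-data/network/interfaces/macs/${IF_MAC}/vpc-ipv4-cidr-block"

# Ask for an IMDSv2 session token first. An instance that enforces IMDSv2
# rejects token-less requests, which would silently push this script onto the
# 0.0.0.0/0 fallback below. An empty token means "send the plain IMDSv1 request".
IMDS_TOKEN=$(/usr/bin/curl --retry 3 --retry-delay 1 --silent --fail \
  --max-time 5 --request PUT \
  --header 'X-aws-ec2-metadata-token-ttl-seconds: 60' \
  'http://169.254.169.254/latest/api/token') || IMDS_TOKEN=''

# ${IMDS_TOKEN:+...} expands to the two words `--header <value>` only when a
# token was obtained; the inner quotes keep the header value as a single word.
if VPC_CIDR_RANGE=$(/usr/bin/curl --retry 3 --retry-delay 1 --silent --fail \
  --max-time 5 \
  ${IMDS_TOKEN:+--header "X-aws-ec2-metadata-token: ${IMDS_TOKEN}"} \
  "${VPC_CIDR_URI}"); then
  # The value is handed to iptables, so treat anything that is not made of
  # digits, dots and a slash as a failed lookup.
  case "${VPC_CIDR_RANGE}" in
    '' | *[!0-9./]*) VPC_CIDR_RANGE='' ;;
  esac
else
  VPC_CIDR_RANGE=''
fi

if [ -z "${VPC_CIDR_RANGE}" ]; then
  # NOTE(review): with 0.0.0.0/0 the MASQUERADE rule matches every source
  # address, so the instance translates traffic from any network that can route
  # through it. Security groups and route tables are then the only restriction.
  # Consider failing instead of falling back if that is not acceptable.
  VPC_CIDR_RANGE="0.0.0.0/0"
  log "Unable to retrive VPC CIDR range from meta-data. Using ${VPC_CIDR_RANGE} instead. PAT may not function correctly!"
else
  log "Retrived the VPC CIDR range: ${VPC_CIDR_RANGE} from meta-data"
fi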
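# Turn the instance into a PAT gateway: enable IPv4 forwarding, stop the kernel
# from sending ICMP redirects on ${IF}, and masquerade traffic sourced from
# ${VPC_CIDR_RANGE} as it leaves through ${IF}.
#
# The steps are grouped in braces so that `!` negates the whole chain. Written
# as `if ! a && b && c`, the `!` binds to `a` alone: a successful first sysctl
# makes the condition false, b and c never run, and the script still reports
# "complete" with no NAT rule installed.
if ! {
  /sbin/sysctl -w 'net.ipv4.ip_forward=1' &&
    /sbin/sysctl -w "net.ipv4.conf.${IF}.send_redirects=0" &&
    {
      # -C looks for an identical rule first, so re-running the script does not
      # append duplicates. If -C is unsupported or finds nothing, -A adds it.
      /sbin/iptables -t nat -C POSTROUTING -o "${IF}" -s "${VPC_CIDR_RANGE}" -j MASQUERADE 2>/dev/null ||
        /sbin/iptables -t nat -A POSTROUTING -o "${IF}" -s "${VPC_CIDR_RANGE}" -j MASQUERADE
    }
}; then
  log "Configuration of PAT failed"
  exit 1
fi

log "Configuration of PAT complete"

# Persist the running rule set so the NAT rule survives a reboot. A failed save
# is logged, not ignored: the instance would otherwise lose the rule on the
# next restart with nothing in the log to explain it.
if ! /sbin/iptables-save > /etc/sysconfig/iptables; then
  log "Unable to save iptables rules to /etc/sysconfig/iptables"
fi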