How Do End Users Access the Internet?
- using NAT gateway
- using a proxy server
Method 1: using NAT gateway
The NAT gateway provides the Network Address Translation (NAT) service for Workspace desktops in a VPC so that multiple Workspace desktops can share an EIP to access the Internet.
For detailed operations, see the NAT Gateway User Guide.
After configuring the NAT gateway, you need to set the number of interface metrics on the user desktop.
- Log in to the desktop.
- Go to Network and Sharing Center.
- In the View your active networks area, click Local Area Connection 2 or Ethernet 2.
The Local Area Connection 2 Status dialog box or the Ethernet 2 Status dialog box is displayed.
- Click Properties.
The Local Area Connection 2 Properties dialog box or the Ethernet 2 Properties dialog box is displayed.
- Click Advanced.
The Advanced TCP/IP Settings dialog box is displayed.
- Deselect Automatic metric, and set Interface metric to 2.
- Click OK in sequence to save the settings and close the dialog boxes.
- Click Close to close the Local Area Connection 2 Status dialog box or the Ethernet 2 Status dialog box.
Method 2: using a proxy server
Creating a proxy server
- Ceate a proxy server that runs, for example, CentOS. The proxy server must reside on a subnet different from the one where Workspace resides in the same VPC.
For details about how to configure the ECS, see the Elastic Cloud Server User Guide.
- Configure an elastic IP address for the proxy server to access the Internet.
The following operations use Cent OS 6.6 as an example.
- Log in to the proxy server as user root.
- Run the following command to check whether squid is installed:
rpm -qa|grep squid
- Run the following command to install squid:
yum -y install squid
- Run the following command to edit the squid.conf configuration file:
- Check whether SSH is used for connection.
- Press I to enter the edit mode and add the following content in a blank row.
aclSafe_ports port 22
- Use # to comment out http_access deny CONNECT !SSL_ports.
- Press Esc to exit the edit mode. Type :wq and press Enter.
Save configurations and exit the vi editor.
- Run the following command to restart the squid service.
service squid restart
Configuring security group rules
- Configure security group rules to ensure that the extranet cannot access any port of the proxy server and the user desktop can access only the proxy port of the proxy server.
For details about how to configure security group policies, see the Virtual Private Cloud User Guide.
Configuring the user's browser
- Open the proxy server setting page of the browser.
- Set the IP address and the port of the proxy server to the IP address and the monitoring port configured in 1, respectively.