Use this procedure to allow DNS queries sent from the SBC PKT0 port to leave the VPC through the HFE. The HFE source-NATs the queries to its own eth0 address so that the replies come back to the HFE.

Procedure

  1. Obtain the primary private IPv4 addresses of the Active SBC Pkt0 interface, the Standby SBC Pkt0 interface, and the HFE eth0 interface.
    (In the AWS console, select each instance and read the value under 'Private IPv4 addresses'.)
  2. Stop the HFE:
    1. Select Instance.
    2. Select Instance state.
    3. Select Stop instance.
  3. Update the HFE user-data.
    1. Select Instance.
    2. Select Actions.
    3. Select Edit user data.
    4. In the user-data, add the three lines ending in '#DNS Query' at the position shown in the example (after the line that logs "Configured using HFE script" and before the closing "Done" line), replacing the values in < > with the IPs identified in step 1. The other lines in the example are already present in the user-data; do not duplicate them, and keep the closing --// line as the last line. Note that these rules SNAT all traffic from the Pkt0 addresses that leaves eth0, not only port 53.

      Example
      sudo /bin/bash $HFE_FILE setup
      /bin/echo "Configured using HFE script - $HFE_FILE" >> $LOG_FILE
      sudo iptables -t nat -I POSTROUTING -o eth0 -s <Active SBC Pkt0 Primary IP> -j SNAT --to <HFE Eth0 primary IP>     #DNS Query
      sudo iptables -t nat -I POSTROUTING -o eth0 -s <Standby SBC Pkt0 Primary IP> -j SNAT --to <HFE Eth0 primary IP>    #DNS Query
      /bin/echo "Added rules to support DNS queries from SBC" >> $LOG_FILE                                               #DNS Query
      /bin/echo $(timestamp) " =========================   Done    ==========================================" >> $LOG_FILE
      --//
    5. Select Save.
  4. Start the HFE:
    1. Select Instance.
    2. Select Instance state.
    3. Select Start instance.

Verification

Use the following procedure to verify the changes:

  1. Log in to the HFE as ec2-user via the mgmt port.
  2. Run sudo iptables -t nat -vnL.
  3. Verify that the POSTROUTING chain contains an SNAT rule for each SBC Pkt0 primary IP, with eth0 as the out interface and the HFE eth0 primary IP as the to: address.
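The following shell script is an added example, not part of the original page or of the HFE script: it generates the two '#DNS Query' lines from the three addresses gathered in step 1 of the procedure (after validating that each is a dotted-quad IPv4 address), and then checks the output of sudo iptables -t nat -vnL for a matching POSTROUTING SNAT rule per Pkt0 address, which is the verification above done programmatically. All addresses and the iptables output embedded below are constructed samples; the function names are this example's own. Like the page's rules, the check matches on source address, out interface and SNAT target only, not on port 53.

```shell
#!/bin/sh
# Added example (not from the original page or the HFE script).
# IPs and iptables output are constructed samples.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { bad = 1; exit }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) { bad = 1; exit } }
        END { exit bad ? 1 : 0 }'
}

# Print the two SNAT rules exactly as they go into the HFE user-data.
# Args: active Pkt0 IP, standby Pkt0 IP, HFE eth0 IP. Fails on a bad address.
dns_snat_rules() {
    for ip in "$1" "$2" "$3"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    printf 'sudo iptables -t nat -I POSTROUTING -o eth0 -s %s -j SNAT --to %s     #DNS Query\n' "$1" "$3"
    printf 'sudo iptables -t nat -I POSTROUTING -o eth0 -s %s -j SNAT --to %s     #DNS Query\n' "$2" "$3"
}

# Read "iptables -t nat -vnL" output on stdin and return 0 if the POSTROUTING
# chain has an SNAT rule from source $1, out interface eth0, rewriting to $2.
# With -n, iptables prints a /32 source without the mask, so accept both forms.
snat_rule_present() {
    awk -v src="$1" -v hfe="$2" '
        /^Chain / { chain = $2 }
        chain == "POSTROUTING" && $3 == "SNAT" && $7 == "eth0" &&
            ($8 == src || $8 == src "/32") && $NF == "to:" hfe { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Verify both Pkt0 addresses ($1 active, $2 standby) are SNATed to $3.
# iptables output on stdin. Returns 0 only if both rules are present.
verify_dns_snat() {
    nat_out=$(cat)
    printf '%s\n' "$nat_out" | snat_rule_present "$1" "$3" \
        || { echo "missing SNAT rule for $1" >&2; return 1; }
    printf '%s\n' "$nat_out" | snat_rule_present "$2" "$3" \
        || { echo "missing SNAT rule for $2" >&2; return 1; }
    echo "SNAT rules present for $1 and $2 -> $3"
}

# Constructed sample of "sudo iptables -t nat -vnL" output after the rules
# took effect. Only the columns the check uses matter.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    10.0.1.10            0.0.0.0/0            to:10.0.2.5
    0     0 SNAT       all  --  *      eth0    10.0.1.11            0.0.0.0/0            to:10.0.2.5'

# Stand-alone demonstration: print the user-data lines, then verify the sample.
dns_snat_rules 10.0.1.10 10.0.1.11 10.0.2.5
printf '%s\n' "$SAMPLE_NAT" | verify_dns_snat 10.0.1.10 10.0.1.11 10.0.2.5
```

On a real HFE, replace the sample with the live output: sudo iptables -t nat -vnL | verify_dns_snat ACTIVE_IP STANDBY_IP HFE_IP. A non-zero exit names the first Pkt0 address without a rule, which is the case the Note below deals with.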


Note

On some Amazon Linux 2 AMIs, cloud-init does not fetch the latest user-data after the instance is restarted and instead uses a cached copy, so the edited user-data is never run.

If the new rules are not added, then perform the following steps:

  1. Check whether the cached user-data matches what you saved in the console:
    sudo cat /var/lib/cloud/instance/user-data.txt
  2. If the cached user-data is out of date:
    1. Remove the cached per-instance files so that cloud-init re-reads the user-data on the next boot:
      sudo rm -rf /var/lib/cloud/instances/*
    2. Reboot the instance: 
      sudo reboot
    3. Re-verify using steps 1-3 above.
  3. If the cached user-data is up to date but the rules are still missing:
    1. Copy each iptables command from the user-data and run it manually on the Linux command line.
      Any error in the command is reported there, which is not visible when cloud-init runs it.