Use source private IP connectivity with a reverse proxy

This page explains how to set up a reverse proxy on a Compute Engine Virtual Machine (VM) to facilitate source private connectivity for heterogeneous SQL Server migrations.

A reverse proxy VM is required when you want to use private IP connectivity with a source that resides in a different Virtual Private Cloud network than the one where you create a private connectivity configuration for VPC peering.

Set up a reverse proxy

To create a Compute Engine VM to host the proxy, follow these steps:

1. Create a Linux VM instance in Compute Engine.

2. After you connect to the machine, create the necessary iptables routing to forward the traffic. You can use the following script.

   Before using these commands, make the following replacements:

   • SOURCE_PRIVATE_IP with the private IP address of your source instance.
   • PORT with the port number where your source SQL Server instance is listening for connections.

   #! /bin/bash
   
   export DB_ADDR=SOURCE_PRIVATE_IP
   export DB_PORT=PORT
   
   # Enable the VM to receive packets whose destinations do
   # not match any running process local to the VM
   echo 1 > /proc/sys/net/ipv4/ip_forward
   
   # Ask the Metadata server for the IP address of the VM nic0
   # network interface:
   md_url_prefix="http://169.254.169.254/computeMetadata/v1/instance"
   vm_nic_ip="$(curl -H "Metadata-Flavor: Google" ${md_url_prefix}/network-interfaces/0/ip)"
   
   # Clear any existing iptables NAT table entries (all chains):
   iptables -t nat -F
   
   # Create a NAT table entry in the prerouting chain, matching
   # any packets with destination database port, changing the destination
   # IP address of the packet to your source instance IP address:
   iptables -t nat -A PREROUTING \
        -p tcp --dport $DB_PORT \
        -j DNAT \
        --to-destination $DB_ADDR
   
   # Create a NAT table entry in the postrouting chain, matching
   # any packets with destination database port, changing the source IP
   # address of the packet to the NAT VM's primary internal IPv4 address:
   iptables -t nat -A POSTROUTING \
        -p tcp --dport $DB_PORT \
        -j SNAT \
        --to-source $vm_nic_ip
   
   # Save iptables configuration:
   iptables-save

   Your proxy VM is now running. Continue with the rest of the steps required for your source connectivity.

What's next

• Learn more about source connectivity methods. See Source connectivity methods overview.

• To get a complete, step-by-step migration walkthrough, see SQL Server to Cloud SQL for PostgreSQL migration guide.