This page explains how to set up a reverse proxy on a Compute Engine Virtual Machine (VM) to facilitate source private connectivity for heterogeneous SQL Server migrations.
A reverse proxy VM is required when you want to use private IP connectivity with a source that resides in a different Virtual Private Cloud network than the one where you create the private connectivity configuration. For example, you configure this reverse proxy for Cloud SQL sources.
Set up a reverse proxy
To create a Compute Engine VM to host the proxy, follow these steps:
- Create a Linux VM instance in Compute Engine.
- 
    After you connect to the machine, create the necessary iptablesrouting to forward the traffic. You can use the following script.Before using any of the command data below, make the following replacements: - SOURCE_PRIVATE_IP with the private IP address of your source instance.
- PORT with the port number where your source SQL Server instance is listening for connections.
 #! /bin/bash export DB_ADDR=SOURCE_PRIVATE_IP export DB_PORT=PORT # Enable the VM to receive packets whose destinations do # not match any running process local to the VM echo 1 > /proc/sys/net/ipv4/ip_forward # Ask the Metadata server for the IP address of the VM nic0 # network interface: md_url_prefix="http://169.254.169.254/computeMetadata/v1/instance" vm_nic_ip="$(curl -H "Metadata-Flavor: Google" ${md_url_prefix}/network-interfaces/0/ip)" # Clear any existing iptables NAT table entries (all chains): iptables -t nat -F # Create a NAT table entry in the prerouting chain, matching # any packets with destination database port, changing the destination # IP address of the packet to your source instance IP address: iptables -t nat -A PREROUTING \ -p tcp --dport $DB_PORT \ -j DNAT \ --to-destination $DB_ADDR # Create a NAT table entry in the postrouting chain, matching # any packets with destination database port, changing the source IP # address of the packet to the NAT VM's primary internal IPv4 address: iptables -t nat -A POSTROUTING \ -p tcp --dport $DB_PORT \ -j SNAT \ --to-source $vm_nic_ip # Save iptables configuration: iptables-save Your proxy VM is now running. Continue with the rest of the steps required for your source connectivity. 
What's next
- Learn more about source connectivity methods. See Source connectivity methods overview. 
- To get a complete, step-by-step migration walkthrough, see SQL Server to Cloud SQL for PostgreSQL migration guide.