Use source private IP connectivity with a reverse proxy
Stay organized with collections
Save and categorize content based on your preferences.
This page explains how to set up a reverse proxy on a Compute Engine
Virtual Machine (VM) to facilitate source private connectivity for
heterogeneous Oracle migrations.
After you connect to the machine, create the necessary iptables
routing to forward the traffic. You can use the following script.
Before using any of the command data below, make the following replacements:
SOURCE_PRIVATE_IP with
the private IP address of your source instance.
PORT with the port number where
your source Oracle instance is listening for connections.
#! /bin/bashexportDB_ADDR=SOURCE_PRIVATE_IPexportDB_PORT=PORT# Enable the VM to receive packets whose destinations do# not match any running process local to the VMecho1>/proc/sys/net/ipv4/ip_forward
# Ask the Metadata server for the IP address of the VM nic0# network interface:md_url_prefix="http://169.254.169.254/computeMetadata/v1/instance"vm_nic_ip="$(curl-H"Metadata-Flavor: Google"${md_url_prefix}/network-interfaces/0/ip)"# Clear any existing iptables NAT table entries (all chains):
iptables-tnat-F
# Create a NAT table entry in the prerouting chain, matching# any packets with destination database port, changing the destination# IP address of the packet to your source instance IP address:
iptables-tnat-APREROUTING\-ptcp--dport$DB_PORT\-jDNAT\--to-destination$DB_ADDR# Create a NAT table entry in the postrouting chain, matching# any packets with destination database port, changing the source IP# address of the packet to the NAT VM's primary internal IPv4 address:
iptables-tnat-APOSTROUTING\-ptcp--dport$DB_PORT\-jSNAT\--to-source$vm_nic_ip# Save iptables configuration:
iptables-save
Your proxy VM is now running. Continue with the rest of the steps
required for your source connectivity.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Use source private IP connectivity with a reverse proxy\n\nThis page explains how to set up a reverse proxy on a Compute Engine\nVirtual Machine (VM) to facilitate source private connectivity for\nheterogeneous Oracle migrations.\n\nA reverse proxy VM is required when you want to use\n[private IP connectivity](/database-migration/docs/oracle-to-postgresql/networking-methods-source#private-connectivity-for-source) with a source that resides\nin a different Virtual Private Cloud network than the one where you\n[create the private connectivity configuration](/database-migration/docs/oracle-to-postgresql/create-private-connectivity-configuration).\n\nSet up a reverse proxy\n----------------------\n\nTo create a Compute Engine VM to host the proxy, follow these steps:\n\n1. [Create a Linux VM instance in Compute Engine](/compute/docs/create-linux-vm-instance).\n2. After you connect to the machine, create the necessary `iptables`\n routing to forward the traffic. You can use the following script.\n\n Before using any of the command data below, make the following replacements:\n - \u003cvar class=\"edit\" scope=\"SOURCE_PRIVATE_IP\" translate=\"no\"\u003eSOURCE_PRIVATE_IP\u003c/var\u003e with the private IP address of your source instance.\n - \u003cvar class=\"edit\" scope=\"PORT\" translate=\"no\"\u003ePORT\u003c/var\u003e with the port number where your source Oracle instance is listening for connections.\n\n ```bash\n #! /bin/bash\n\n export DB_ADDR=SOURCE_PRIVATE_IP\n export DB_PORT=PORT\n\n # Enable the VM to receive packets whose destinations do\n # not match any running process local to the VM\n echo 1 \u003e /proc/sys/net/ipv4/ip_forward\n\n # Ask the Metadata server for the IP address of the VM nic0\n # network interface:\n md_url_prefix=\"http://169.254.169.254/computeMetadata/v1/instance\"\n vm_nic_ip=\"$(curl -H \"Metadata-Flavor: Google\" ${md_url_prefix}/network-interfaces/0/ip)\"\n\n # Clear any existing iptables NAT table entries (all chains):\n iptables -t nat -F\n\n # Create a NAT table entry in the prerouting chain, matching\n # any packets with destination database port, changing the destination\n # IP address of the packet to your source instance IP address:\n iptables -t nat -A PREROUTING \\\n -p tcp --dport $DB_PORT \\\n -j DNAT \\\n --to-destination $DB_ADDR\n\n # Create a NAT table entry in the postrouting chain, matching\n # any packets with destination database port, changing the source IP\n # address of the packet to the NAT VM's primary internal IPv4 address:\n iptables -t nat -A POSTROUTING \\\n -p tcp --dport $DB_PORT \\\n -j SNAT \\\n --to-source $vm_nic_ip\n\n # Save iptables configuration:\n iptables-save\n ```\n\n Your proxy VM is now running. Continue with the rest of the steps\n required for your source connectivity.\n\nWhat's next\n-----------\n\n- Learn more about source connectivity methods. See\n [Source connectivity methods overview](/database-migration/docs/oracle-to-postgresql/networking-methods-source).\n\n- To get a complete, step-by-step migration walkthrough, see\n [Oracle to Cloud SQL for PostgreSQL migration guide](/database-migration/docs/oracle-to-postgresql/guide)."]]