Add a Custom NAT instance in AWS VPC

In this tutorial, I am assuming that you have already created a VPC with public and private subnets.


In the above scenario, we’ll create a micro instance inside the public subnet (10.100.10.0/24), which will act as the gateway for all the instance(s) inside the private subnet (10.100.20.0/24).


Also, please create a separate security group for the NAT instance:


After the NAT instance is created, you will notice that it doesn’t have a public IP:


To fix this, select Elastic IPs from the VPC console and click on “Allocate New Address”, select VPC under “EIP used in” and click on “Yes, Allocate”:


Assign the allocated Elastic IP to the NAT instance:


Now the NAT instance also has a public IP:


From the EC2 console right click on the NAT instance and select “Change Source / Dest. Check”, then click on “Yes, Disable”.

This step is required: with the check enabled, EC2 drops any packet whose source or destination is not the instance’s own address, and forwarding other hosts’ packets is exactly what a NAT instance does.

Connect to the NAT instance using terminal emulation software (e.g. PuTTY) and enable IP forwarding on it by editing /etc/sysctl.conf.

Uncomment the following line:

net.ipv4.ip_forward=1

Note: reboot the machine after enabling IP forwarding, or apply the setting immediately by running “sysctl -p”.

Issue the iptables command for MASQUERADE:

iptables -t nat -A POSTROUTING -o eth0 -s 10.100.20.0/24 -j MASQUERADE

Note: adjust the subnet in the above iptables command to your own private subnet, and make sure -o names the interface that carries the NAT instance’s public-subnet address (eth0 here).

Modify the NAT instance security group to allow inbound traffic from the private subnet (in my case, 10.100.20.0/24), or only from the specific servers and ports that should go out through the NAT. No inbound rule from the internet is needed: security groups are stateful, so replies to connections the NAT instance itself opened are allowed automatically.

Create a custom route table, associate your private subnet(s) with it, and add a default route (0.0.0.0/0) whose target is the NAT instance:

Testing from a server inside the private subnet, using ifconfig, ping and traceroute (screenshots in the original post):

Edit the /etc/rc.local file:

vi /etc/rc.local

Add the following to rc.local before “exit 0”, so that the MASQUERADE rule is re-added automatically at boot time (iptables rules live only in kernel memory and are lost on reboot):

iptables -t nat -A POSTROUTING -o eth0 -s 10.100.20.0/24 -j MASQUERADE
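Putting the instance-side steps together, here is an added example script (mine, not code from the original post) for the Linux part of the setup. It assumes a Linux host with iptables and sysctl, run as root; the variable names, the DRY_RUN switch and the drop-in path /etc/sysctl.d/99-nat.conf are assumptions, with the post’s 10.100.20.0/24 and eth0 as defaults. It goes beyond the post in two ways: it checks with iptables -C before appending, so running it from rc.local on every boot never stacks duplicate rules, and it sets a default-deny FORWARD policy so that, with source/dest check off and forwarding on, the instance relays only the private subnet’s outbound traffic and the replies to it.

```shell
#!/bin/sh
# nat-instance.sh: configure a Linux EC2 instance as the NAT gateway for one
# private subnet. Added example, not code from the original post. Assumes a
# Linux host with iptables and sysctl, run as root. PRIVATE_CIDR, WAN_IF and
# the drop-in path /etc/sysctl.d/99-nat.conf are assumptions; the defaults
# are the post's 10.100.20.0/24 and eth0.
PRIVATE_CIDR="${PRIVATE_CIDR:-10.100.20.0/24}"
WAN_IF="${WAN_IF:-eth0}"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1: print the commands instead of running them

# valid_cidr A.B.C.D/N: accept only a well-formed IPv4 prefix. A typo here
# must fail loudly rather than turn the "-s" match into something broader
# than the private subnet.
valid_cidr() {
    case "$1" in *[!0-9./]*|""|*/) return 1 ;; esac
    ip="${1%/*}"; pfx="${1#*/}"
    [ "$ip" != "$1" ] || return 1            # no "/" at all
    case "$pfx" in */*|"") return 1 ;; esac  # more than one "/"
    [ "$pfx" -le 32 ] || return 1
    n=0; old_ifs=$IFS; IFS=.
    for o in $ip; do
        n=$((n + 1))
        if [ -z "$o" ] || [ "$o" -gt 255 ]; then IFS=$old_ifs; return 1; fi
    done
    IFS=$old_ifs
    [ "$n" -eq 4 ]
}

# valid_if NAME: interface names are passed unquoted to iptables below.
valid_if() { case "$1" in ""|*[!A-Za-z0-9_.:-]*) return 1 ;; *) return 0 ;; esac; }

# nat_rules CIDR IF: one rule per line as "TABLE CHAIN RULESPEC". Beyond the
# post's single MASQUERADE rule, the FORWARD rules limit what the host relays
# to private-subnet egress and the replies to it. With source/dest check off
# and ip_forward on, nothing else stops it forwarding whatever is routed at it.
nat_rules() {
    cidr="$1"; wan="$2"
    printf '%s\n' \
      "nat POSTROUTING -o $wan -s $cidr -j MASQUERADE" \
      "filter FORWARD -s $cidr -o $wan -j ACCEPT" \
      "filter FORWARD -d $cidr -i $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# ensure_rule TABLE CHAIN SPEC...: check with -C and append with -A only if
# absent, so calling this from rc.local on every boot never stacks duplicates.
ensure_rule() {
    tbl="$1"; chain="$2"; shift 2
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -t $tbl -A $chain $*"
        return 0
    fi
    iptables -t "$tbl" -C "$chain" "$@" 2>/dev/null || iptables -t "$tbl" -A "$chain" "$@"
}

# apply_nat CIDR IF: validate, enable forwarding (now and across reboots),
# install the rules, then close the FORWARD chain by default.
apply_nat() {
    cidr="$1"; wan="$2"
    valid_cidr "$cidr" || { echo "refusing to NAT for invalid CIDR: $cidr" >&2; return 2; }
    valid_if "$wan"    || { echo "invalid interface name: $wan" >&2; return 2; }
    if [ "$DRY_RUN" = 1 ]; then
        echo "write net.ipv4.ip_forward = 1 to /etc/sysctl.d/99-nat.conf"
        echo "sysctl -w net.ipv4.ip_forward=1"
    else
        printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-nat.conf
        sysctl -w net.ipv4.ip_forward=1
    fi
    nat_rules "$cidr" "$wan" | while read -r tbl chain spec; do
        # $spec is split on purpose: every token came from validated input.
        ensure_rule "$tbl" "$chain" $spec
    done
    # Default-deny last, after the ACCEPT rules are in place.
    if [ "$DRY_RUN" = 1 ]; then echo "iptables -P FORWARD DROP"; else iptables -P FORWARD DROP; fi
}

case "${1:-}" in
    apply) apply_nat "$PRIVATE_CIDR" "$WAN_IF" ;;
esac
```

Run it once with DRY_RUN=1 to see exactly what it would change, then as root with “sh nat-instance.sh apply”, and call it from rc.local in place of the bare iptables line. The console steps (Elastic IP, source/dest check, route table) stay exactly as described above; the script only replaces the sysctl and iptables part.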

Please Remember me in your prayers!

Enjoy  :-)
