Monday, January 26, 2015

How to add a Custom NAT instance in AWS VPC?

In this tutorial I assume you are already running a VPC in AWS.

NAT Instances

Instances that you launch into a private subnet in a virtual private cloud (VPC) can't communicate with the Internet. You can optionally use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.


To launch NAT instance in AWS , search for NAT in community AMI section , AWS provides lots of NAT instances AMI .

On the Choose an Instance Type page, select the instance type, then click Next: Configure Instance Details.

On the Configure Instance Details page, select the VPC you created from the Network list, and select your public subnet from the Subnet list.

Once the NAT instance has launched, disable the Source/Destination Check (SrcDestCheck) attribute for the NAT instance.

Click "Yes, Disable".

Connect to the NAT instance using terminal emulation software (e.g. PuTTY) and enable IP forwarding on it:

vi /etc/sysctl.conf

Uncomment the line below:

net.ipv4.ip_forward=1

Issue the iptables command for MASQUERADE:

iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE

Modify the NAT instance's security group to allow all (or only the desired) inbound traffic from the private subnet (in my case, 10.100.20.0/24) or from the specific servers that need it.

Create a custom route table, associate your private subnet(s) with it, and add a default route that uses the NAT instance as its target:
