How to access the internet from VPC private subnet

Elie · Apr 12, 2014 · Viewed 9.7k times

I created on AWS a VPC with a private and a public subnet. I launched an instance from the private subnet and I would like to access the internet through the NAT server.

This is my iptables on my NAT instance.

```
Chain PREROUTING (policy ACCEPT)
num  target      prot opt source       destination
1    DNAT        tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:10234 to:10.0.1.58:22

Chain INPUT (policy ACCEPT)
num  target      prot opt source       destination

Chain OUTPUT (policy ACCEPT)
num  target      prot opt source       destination

Chain POSTROUTING (policy ACCEPT)
num  target      prot opt source       destination
1    MASQUERADE  all  --  10.0.0.0/16  0.0.0.0/0
```

What should I add to my NAT or my instance in the private subnet to be able to access the internet from my instance in the private subnet?

Thanks a lot!!

Answer

Ben Whaley · Apr 12, 2014

Your MASQUERADE rule is good as is. A few other things from the NAT instance documentation:

  1. You should disable the source/destination check on the NAT instance to allow it to route traffic.
  2. Set up the inbound and outbound security group rules to allow the traffic as needed.
  3. Make sure the route table for your private subnet points to the NAT instance.
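As an added example (not from the question or the answer), a POSIX shell checklist that applies and verifies the three items above with the AWS CLI, plus the two checks worth running on the NAT instance itself. The instance, route-table and security-group ids are placeholders; the 10.0.0.0/16 range is the one from the MASQUERADE rule in the question. Commands are printed rather than executed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example; ids below are placeholders, replace them with your own.
set -eu

NAT_INSTANCE_ID="${NAT_INSTANCE_ID:-i-0123456789abcdef0}"   # placeholder
PRIVATE_RTB_ID="${PRIVATE_RTB_ID:-rtb-0123456789abcdef0}"    # placeholder
NAT_SG_ID="${NAT_SG_ID:-sg-0123456789abcdef0}"               # placeholder
PRIVATE_CIDR="${PRIVATE_CIDR:-10.0.0.0/16}"   # same source range as the MASQUERADE rule
DRY_RUN="${DRY_RUN:-1}"   # 1 = print each command; DRY_RUN=0 executes it

# run CMD ARGS...: echo the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# 1. Source/destination check: while it is on, EC2 discards packets that are
#    not addressed to or from the instance itself, so forwarding never works.
disable_source_dest_check() {
  run aws ec2 modify-instance-attribute --instance-id "$1" --no-source-dest-check
}
show_source_dest_check() {   # should report "Value": false afterwards
  run aws ec2 describe-instance-attribute --instance-id "$1" --attribute sourceDestCheck
}

# 2. Security group on the NAT instance: admit only the private subnet range,
#    one port at a time, instead of opening the group to 0.0.0.0/0.
allow_inbound_from_private() {   # args: sg-id cidr port
  run aws ec2 authorize-security-group-ingress --group-id "$1" --protocol tcp --port "$3" --cidr "$2"
}

# 3. Default route of the private subnet's route table -> the NAT instance.
route_default_via_nat() {   # args: rtb-id nat-instance-id
  run aws ec2 create-route --route-table-id "$1" --destination-cidr-block 0.0.0.0/0 --instance-id "$2"
}

# On the NAT instance itself: kernel forwarding must be 1, and POSTROUTING
# must still carry the MASQUERADE rule for the private range.
nat_host_checks() {
  run sysctl -n net.ipv4.ip_forward
  run iptables -t nat -S POSTROUTING
}

main() {
  disable_source_dest_check "$NAT_INSTANCE_ID"
  show_source_dest_check "$NAT_INSTANCE_ID"
  for port in 80 443; do allow_inbound_from_private "$NAT_SG_ID" "$PRIVATE_CIDR" "$port"; done
  route_default_via_nat "$PRIVATE_RTB_ID" "$NAT_INSTANCE_ID"
  nat_host_checks
}
main
```

Run the API steps from a workstation with AWS credentials and `nat_host_checks` on the NAT instance; `--no-source-dest-check` is the attribute change the first item refers to.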