Reputation: 131
I created on AWS a VPC with a private and a public subnet. I launched an instance from the private subnet and I would like to access the internet through the NAT server.
This is my iptables on my NAT instance.
Chain PREROUTING (policy ACCEPT)
num  target      prot opt source       destination
1    DNAT        tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:10234 to:10.0.1.58:22

Chain INPUT (policy ACCEPT)
num  target      prot opt source       destination

Chain OUTPUT (policy ACCEPT)
num  target      prot opt source       destination

Chain POSTROUTING (policy ACCEPT)
num  target      prot opt source       destination
1    MASQUERADE  all  --  10.0.0.0/16  0.0.0.0/0
What should I add to my NAT or my instance in the private subnet to be able to access the internet from my instance in the private subnet?
Thanks a lot!!
Upvotes: 3
Views: 10730
Reputation: 23811
I am assuming that you want to achieve this:
This step-by-step tutorial can help you achieve your goal. Hope that will help you.
Upvotes: 1
Reputation: 21
Select the AMI below from Community AMIs and launch the instance in the public subnet. After launching the instance, associate it with the private route table in Route Tables.
amzn-ami-vpc-nat-pv-2014.03.2.x86_64-ebs (ami-809f4ae8)
No need to do anything on the instance, by default it should work.
Upvotes: 2
Reputation: 1
There are two other things you need to do on top of the other answer provided.
You need to add an inbound rule to your NAT instance to allow traffic from the private subnet.
You also need to disable the source/destination check on your NAT instance.
Upvotes: 0
Reputation: 34436
Your MASQUERADE rule is good as is. A few other things from the NAT instance documentation:
Upvotes: 7
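An added check script, not part of the question or any answer, that parses a nat-table listing in the format shown in the question and confirms that the POSTROUTING MASQUERADE source covers the private subnet and that IP forwarding is enabled. It assumes the private subnet is 10.0.1.0/24 (inferred from the DNAT target in the question) and that the ip_forward value is read from /proc/sys/net/ipv4/ip_forward on the NAT instance; the AWS-side settings (source/destination check, security group inbound rule, private route table default route) are outside what it can verify.

```python
import ipaddress
import re

# Constructed sample: the nat table listing from the question, as printed by
# `iptables -t nat -L -n --line-numbers` on the NAT instance.
SAMPLE_NAT_TABLE = """\
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:10234 to:10.0.1.58:22

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  10.0.0.0/16          0.0.0.0/0
"""

def parse_nat_table(text):
    """Return {chain: [(target, proto, source, destination), ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        parts = line.split()
        # Rule lines start with the rule number; header and blank lines do not.
        if current and parts and parts[0].isdigit():
            chains[current].append((parts[1], parts[2], parts[4], parts[5]))
    return chains

def masquerade_covers(chains, private_cidr):
    """True if a POSTROUTING MASQUERADE rule's source network contains private_cidr."""
    want = ipaddress.ip_network(private_cidr)
    for target, _proto, source, _dest in chains.get("POSTROUTING", []):
        if target == "MASQUERADE" and want.subnet_of(ipaddress.ip_network(source)):
            return True
    return False

def nat_checklist(nat_table_text, private_cidr, ip_forward_value):
    """On-instance requirements only; private_cidr is the private subnet (assumed
    10.0.1.0/24 here), ip_forward_value is the content of /proc/sys/net/ipv4/ip_forward."""
    chains = parse_nat_table(nat_table_text)
    return {
        "masquerade_for_private_subnet": masquerade_covers(chains, private_cidr),
        "ip_forward_enabled": ip_forward_value.strip() == "1",
    }
```

Run it on the NAT instance with the live `iptables -t nat -L -n --line-numbers` output and the ip_forward file contents; a False for either key points at the on-instance setting to fix before looking at the VPC side.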