Create Custom NAT Instance in AWS VPC

From Gejoreuy

Revision as of 13:46, 14 November 2019

Purpose

Build a NAT instance on CentOS to provide internet access for a private subnet in an AWS VPC.
In this tutorial, we assume that we already have a VPC with a public and a private subnet, as shown in the picture below.

Preparation

Make sure we understand the difference between a public and a private subnet in an AWS VPC.
We already have a new instance in the public subnet which will be set up as the NAT server.
We already have an instance in the private subnet for testing.

Disable Source/Dest. Check for the NAT Server

In the AWS EC2 Dashboard → Select the Instance → Actions → Networking → Change Source/Dest. Check:

Choose Yes, Disable.

Configure System

First, update the system:

[root@nat-server ~]# yum update

In /etc/sysctl.conf, enable IP forwarding:

[root@nat-server ~]# vi /etc/sysctl.conf

Add this:

# For NAT Server
net.ipv4.ip_forward = 1

Reboot now for good measure:

[root@nat-server ~]# reboot

Test our config:

[centos@nat-server ~]$ cat /proc/sys/net/ipv4/ip_forward
1

Set Iptables for Masquerade

Issue the iptables command below (as the centos user this needs sudo; the -s option limits masquerading to the private subnet):

[centos@nat-server ~]$ sudo iptables -t nat -A POSTROUTING -o eth0 -s 172.31.158.0/24 -j MASQUERADE

Edit the /etc/rc.local file so that the masquerade rule is enabled automatically at boot time:

[centos@nat-server ~]$ sudo vi /etc/rc.local

And add this iptables command at the end of the file:

iptables -t nat -A POSTROUTING -o eth0 -s 172.31.158.0/24 -j MASQUERADE
exit 0

Run chmod +x on /etc/rc.d/rc.local so that the script is executed during boot:

[centos@nat-server ~]$ sudo chmod +x /etc/rc.d/rc.local
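The forwarding check and masquerade rule from the steps above, as an added example script that is not from the original page: it validates the subnet CIDR before masquerading, adds the rule only if it is not already present, and refuses to run while ip_forward is 0. The subnet 172.31.158.0/24 and eth0 are the tutorial's values; the function names and the apply argument are assumptions.

```shell
#!/bin/bash
# Added example (not from the original page): idempotent NAT setup for the
# CentOS instance above. Values below are the tutorial's; adjust for your VPC.
PRIVATE_CIDR="${PRIVATE_CIDR:-172.31.158.0/24}"   # private subnet to masquerade
PUBLIC_IFACE="${PUBLIC_IFACE:-eth0}"              # interface facing the internet

# Accept only an IPv4 CIDR a.b.c.d/n with 8 <= n <= 30, so a typo such as
# 0.0.0.0/0 never turns the instance into a NAT for arbitrary sources.
valid_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  local ip="${1%/*}" plen="${1#*/}" octet
  [ "$plen" -ge 8 ] 2>/dev/null && [ "$plen" -le 30 ] || return 1
  local IFS=.
  set -- $ip
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Return 0 only if IP forwarding is on. Reads the live kernel value by default;
# the optional argument (a file path) exists so the check can be run offline.
forwarding_enabled() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Add the tutorial's MASQUERADE rule only if it is not already there
# (iptables -C tests for an existing rule), so re-running from rc.local or
# by hand does not stack duplicate rules. $rule is word-split on purpose.
ensure_masquerade() {
  valid_cidr "$PRIVATE_CIDR" || { echo "refusing to masquerade $PRIVATE_CIDR" >&2; return 1; }
  local rule="POSTROUTING -o $PUBLIC_IFACE -s $PRIVATE_CIDR -j MASQUERADE"
  iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule
}

# Apply: refuse to add the rule while forwarding is off (it would be useless
# and misleading), then print the resulting NAT chain for review.
main() {
  if ! forwarding_enabled; then
    echo "ip_forward is 0: set net.ipv4.ip_forward = 1 in /etc/sysctl.conf first" >&2
    return 1
  fi
  ensure_masquerade && iptables -t nat -S POSTROUTING
}

# Run as root on the NAT instance: sudo bash nat-setup.sh apply
[ "${1:-}" = apply ] && main
```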

Modify the NAT Instance Security Group

Create Custom Route to Associate the Private Subnet

In the AWS VPC Dashboard → Route Tables → Create Route Table

Name tag : [name the route table]
VPC : [choose the VPC]

In the Route Table created earlier → Routes → Edit Routes → Add Route

Destination : 0.0.0.0/0
Target : Instance [choose the nat server instance]

Test from Instance Inside Private Subnet