Thursday, June 18, 2015

iptables - How to configure a custom NAT for use in Amazon VPC

I have an Ubuntu box I wish to use as a NAT instance (among other things). I would prefer to avoid using the NAT AMIs provided by Amazon, and instead configure NAT myself.

Currently, my host has a single network interface (as shown in http://docs.amazonwebservices.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html ).

Should I be able to configure my Ubuntu host as the NAT instance for the other hosts in my Amazon network?

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5 454 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0

I tried configuring a NAT rule on the Ubuntu host (10.200.0.51). My second host is on a different network (10.200.10.41/24). So I wrote:

route add -net 10.200.0.0 netmask 255.255.255.0 dev eth0 # So I can reach 10.200.0.51
route add default gw 10.200.0.51

But the machine lost the connection.

What am I misunderstanding regarding the usage of NAT instances and routing in Amazon?

Answer

I have installed an Amazon NAT AMI and checked the relevant configuration:

[root@ip-10-200-0-172 ec2-user]# iptables -L -n -v -x -t nat
Chain PREROUTING (policy ACCEPT 11 packets, 660 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 11 packets, 660 bytes)
pkts bytes target prot opt in out source destination


Chain OUTPUT (policy ACCEPT 357 packets, 24057 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
357 24057 MASQUERADE all -- * eth0 10.200.0.0/16 0.0.0.0/0

[root@ip-10-200-0-172 ec2-user]# cat /proc/sys/net/ipv4/ip_forward
1

In addition, the machine needs to have a public IP, and the Source/Dest check needs to be disabled.

This machine can then be used as a NAT instance.

Routing for other hosts is configured at EC2 level (using the "Routing table" feature).
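The configuration the answer's output implies, consolidated into a reviewable script. This is an added example, not the post's own commands: it keeps the MASQUERADE source limited to the VPC range (as the Amazon AMI does, rather than 0.0.0.0/0 as in the question's rule), goes beyond the post by adding FORWARD-chain filtering, and prints the commands instead of running them. VPC_CIDR, IFACE and INSTANCE_ID are assumed values; the AWS CLI call is the command-line way to disable the Source/Dest check the answer mentions.

```shell
#!/bin/sh
# Added example, not from the post: render the NAT-instance setup the answer's
# output implies. VPC_CIDR, IFACE and INSTANCE_ID are assumed values.
VPC_CIDR="${VPC_CIDR:-10.200.0.0/16}"      # the VPC range seen in the answer's output
IFACE="${IFACE:-eth0}"
INSTANCE_ID="${INSTANCE_ID:-i-PLACEHOLDER}" # placeholder, not an id from the page

# Accept only a dotted-quad IPv4 prefix with length 1..32, so a typo cannot
# silently widen the MASQUERADE source to 0.0.0.0/0 as in the question's rule.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip="${1%/*}"; len="${1#*/}"
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print (do not run) the commands for the answer's configuration: forwarding on,
# MASQUERADE limited to the VPC range, plus FORWARD filtering that the post does
# not show, so only VPC-sourced traffic and its replies pass through the box.
nat_commands() {
    cidr="$1"; dev="$2"
    valid_cidr "$cidr" || { echo "rejected CIDR: $cidr" >&2; return 1; }
    printf '%s\n' \
        "sysctl -w net.ipv4.ip_forward=1" \
        "iptables -t nat -A POSTROUTING -s $cidr -o $dev -j MASQUERADE" \
        "iptables -A FORWARD -i $dev -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" \
        "iptables -A FORWARD -s $cidr -o $dev -j ACCEPT" \
        "iptables -A FORWARD -j DROP"
}

# The EC2-side step from the answer: disable the Source/Dest check on the instance.
srcdst_command() {
    printf 'aws ec2 modify-instance-attribute --instance-id %s --no-source-dest-check\n' "$1"
}

nat_commands "$VPC_CIDR" "$IFACE"
srcdst_command "$INSTANCE_ID"
```

Pipe the printed lines into a root shell on the NAT host once reviewed; the route-table entry for the private subnet still has to point at this instance on the EC2 side, as the answer states.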