How to access the internet from VPC private subnet

Question

I created on AWS a VPC with a private and a public subnet. I launched an instance from the private subnet and I would like to access the internet through the NAT server.

This is my iptables on my NAT instance.

Chain PREROUTING (policy ACCEPT) num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10234 to:10.0.1.58:22

Chain INPUT (policy ACCEPT) num target prot opt source destination

Chain OUTPUT (policy ACCEPT) num target prot opt source destination

Chain POSTROUTING (policy ACCEPT) num target prot opt source destination
1 MASQUERADE all -- 10.0.0.0/16 0.0.0.0/0

What should I add to my NAT or my instance in the private subnet to be able to access the internet from my instance in the private subnet

Thanks a lot!!

Ben Whaley Ben Whaley · Accepted Answer · 2014-04-12T21:15:06

Your MASQUERADE rule is good as is. A few other things from the NAT instance documentation:

You should disable the source/destination check on the NAT instance to allow it to route traffic
Set up the inbound and outbound security group rules to allow the traffic as needed.
Make sure the route table for your private subnet points to the NAT instance

How to access the internet from VPC private subnet

4 Answers