I am trying to implement this network in Amazon AWS:
Therefore, I have the following subnets in Amazon VPC:
The subnet subnet-0ac620105fc198e33 uses a NAT Gateway with an Elastic IP, having the following route table:
The nat-0de30b43c561c4161 is my NAT gateway.
The other 2 subnets use the default route table:
And all subnets have the following ACL:
The same rules shown above are applied to inbound and outbound traffic.
I also have 2 EC2 instances:
- One that is located in a public subnet, used for SSH access to the ones that are in the subnet using the NAT gateway
- One in the subnet using the NAT gateway
After getting access to the second EC2 instance, I run the following commands:
ping 8.8.8.8
curl http://google.com
But it fails to connect to Google. Why am I unable to connect?
Best Answer
Summary: the NAT gateway must be in a public subnet, and it must have a route to an internet gateway. AWS documentation covers this here and here.
Check that the NAT Gateway is in a subnet that is accessed through a normal internet gateway. In your case, both Host1 and the NAT Gateway can be in the same subnet, or in a subnet that forwards the traffic through a normal internet gateway.
In a simple image what you must achieve is the following:
So consider the NAT Gateway as another host that forwards traffic to a subnet that has an internet gateway. The diagram above shows how each machine should be connected to the internet. In your case, Host 2 accesses Subnet 2 and, through the NAT Gateway and Subnet 1, accesses the Internet via a normal internet gateway.
In your case, either of the subnets subnet-0c8192051e2a46965 or subnet-065ae3de09e9f8355 is suitable to host the NAT Gateway. But the NAT Gateway must NOT be in the subnet subnet-0ac620105fc198e33.
In order to change the subnet of the NAT Gateway, you must create a new NAT Gateway and afterwards update the route table to use the new NAT Gateway. If you want to keep the Elastic IP, wait for the old NAT Gateway to be deleted. Afterwards, use the new one.
And remember, when you are creating the new NAT Gateway, in this field as shown below:
Select either of the subnets subnet-0c8192051e2a46965 or subnet-065ae3de09e9f8355.
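The placement rule from the answer above, as an added example that is not part of the original answer: a Python check that flags any NAT gateway whose subnet has no default route to an internet gateway. The data is constructed in the shape of the EC2 DescribeRouteTables and DescribeNatGateways responses; the route table and internet gateway IDs are placeholders, and the assumption is that the default route table is the one holding the internet gateway route.

```python
# Constructed sample data in the shape of the EC2 DescribeRouteTables and
# DescribeNatGateways responses. Subnet and NAT gateway IDs come from the
# question; route table, IGW and "new" NAT IDs are placeholders (assumptions).
ROUTE_TABLES = [
    {   # main (default) route table: default route to an internet gateway
        "RouteTableId": "rtb-main-placeholder",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"}],
    },
    {   # table explicitly associated with the subnet that routes via the NAT
        "RouteTableId": "rtb-nat-placeholder",
        "Associations": [{"Main": False, "SubnetId": "subnet-0ac620105fc198e33"}],
        "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0de30b43c561c4161"}],
    },
]
NAT_AS_ASKED = [{"NatGatewayId": "nat-0de30b43c561c4161",
                 "SubnetId": "subnet-0ac620105fc198e33"}]
NAT_MOVED = [{"NatGatewayId": "nat-new-placeholder",
              "SubnetId": "subnet-0c8192051e2a46965"}]


def effective_route_table(subnet_id, route_tables):
    """Explicit association wins; otherwise the subnet uses the main table."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def is_public_subnet(subnet_id, route_tables):
    """Public means the default route targets an internet gateway (igw-...)."""
    rtb = effective_route_table(subnet_id, route_tables)
    return rtb is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        for r in rtb["Routes"]
    )


def misplaced_nat_gateways(nat_gateways, route_tables):
    """Return the NAT gateways that sit in a subnet with no route to an IGW."""
    return [n["NatGatewayId"] for n in nat_gateways
            if not is_public_subnet(n["SubnetId"], route_tables)]
```

With the constructed layout, `misplaced_nat_gateways(NAT_AS_ASKED, ROUTE_TABLES)` reports the gateway from the question, and the list is empty once the gateway lives in one of the subnets that use the default route table.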