This guide assumes you already have a VPC set up with a NAT instance acting as a gateway for a private subnet.
In this example I want to forward port 2222 on the NAT to port 22 on an instance in the private subnet.
Something like this:
[diagram omitted]
SSH into NAT
To accomplish this I am going to use iptables from within my NAT instance.
My NAT instance has Elastic IP 107.23.145.253. SSH to it:
> ssh -i .ec2/pats-keypair.pem ec2-user@107.23.145.253
The private server is at 10.0.1.30. The internal IP of the NAT is 10.0.0.25.
Run the following command to add a nat-table PREROUTING rule that rewrites traffic arriving at the NAT on port 2222 to port 22 on the private server:
> sudo iptables -t nat -I PREROUTING -d 10.0.0.25 -p tcp --dport 2222 -j DNAT --to 10.0.1.30:22
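The one-liner above does the job, but re-running it (for example after a reboot, or from a bootstrap script) inserts a second identical rule each time, and a typo in an address silently forwards to the wrong host. The script below is an added example, not code from the original post: it wraps the same DNAT rule with input validation and an idempotent insert (`iptables -C` to test for the rule before `iptables -I`), and lists the PREROUTING chain with packet counters so you can confirm the rule is matching while you test the connection. The addresses and ports (10.0.0.25, 2222, 10.0.1.30, 22) are the ones from the post; the `run` argument and the `IPT` variable are conveniences assumed here so the functions can be sourced or dry-run without touching the live firewall.

```shell
#!/bin/sh
# Added example (not from the original post): install the DNAT port-forward
# idempotently, with the sanity checks the one-liner skips.
# IPT lets a caller substitute a wrapper for testing; default is iptables.
IPT="${IPT:-iptables}"

# Validate a dotted-quad IPv4 address; returns 1 if malformed.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Validate a TCP port number (1-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the PREROUTING match/target spec for: traffic to $1 (NAT internal IP)
# on TCP port $2 -> $3:$4 (private host:port).
# Matching on the NAT's own address (-d) keeps the rule from rewriting
# traffic that merely transits the NAT from the private subnet.
dnat_spec() {
    nat_ip=$1; ext_port=$2; dst_ip=$3; dst_port=$4
    valid_ipv4 "$nat_ip" && valid_ipv4 "$dst_ip" \
        && valid_port "$ext_port" && valid_port "$dst_port" || return 1
    printf '%s\n' "-d $nat_ip -p tcp --dport $ext_port -j DNAT --to-destination $dst_ip:$dst_port"
}

# Insert the rule only if an identical one is not already present (-C),
# so re-running the script does not stack duplicate rules.
apply_port_forward() {
    spec=$(dnat_spec "$@") || { echo "invalid parameters" >&2; return 1; }
    # shellcheck disable=SC2086  # word-splitting the spec is intended
    if $IPT -t nat -C PREROUTING $spec 2>/dev/null; then
        echo "rule already present"
    else
        $IPT -t nat -I PREROUTING $spec
    fi
}

# Show the nat-table PREROUTING rules with packet/byte counters; the counter
# on the DNAT rule should rise when you connect with ssh -p 2222.
show_prerouting() {
    $IPT -t nat -L PREROUTING -n -v --line-numbers
}

if [ "${1:-}" = "run" ]; then
    # Requires root. The sysctl is only needed if forwarding is off; an AWS
    # NAT AMI already enables it.
    sysctl -q -w net.ipv4.ip_forward=1
    apply_port_forward 10.0.0.25 2222 10.0.1.30 22
    show_prerouting
fi
```

Run it as `sudo sh forward.sh run` on the NAT instance (file name assumed). Rules added this way live only in kernel memory; to survive a reboot, dump them with `iptables-save` into whatever file your distribution's iptables init script restores, or re-run the script from the instance's boot-time user data.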
Update security group for NAT
From the VPC console click on Security Groups, then choose the security group associated with your NAT; in my case it's the default. (Or you could create a new security group and associate it.)
Click on the Inbound tab. Select Custom TCP Rule, enter 2222 and click Add Rule.
Click Apply Rule Changes.
Make sure port 2222 has been added. (I had an issue with this; not sure why, as I did hit Apply Rule Changes.)
From outside the VPC, SSH to the NAT's Elastic IP on port 2222; the DNAT rule forwards the connection to the instance in the private subnet:
> ssh -i .ec2/pats-keypair.pem -p 2222 ubuntu@107.23.145.253
That worked.
Run:
> ifconfig -a
Yep, this is the correct machine; it has internal IP address 10.0.1.30.
Comments
Great, now how do you save it so it doesn't get cleared on reboot?
@Richard Rowlands: look here - http://serverfault.com/questions/528661/how-to-persist-iptables-configuration-on-amazon-ec2-vpc-nat-ami