On AWS, I have a NAT instance (Linux) and a web server (Windows 2019) in a VPC. The web server works as it should, and I can also RDP to the web server via the NAT with no issues. The problem is that there's no outbound access to the internet from the web server instance; after I RDP (as admin) I can't browse.
AWS Basic Network configuration:
VPC Network ACL: inbound: All Allowed, outbound: All Allowed
VPC is associated with an internet-gateway
VPC: 10.0.0.0/16
public subnet: 10.0.2.0/24
Private subnet: 10.0.1.0/24
NAT IP: 10.0.2.40
WEB IP: 10.0.1.128
Disabled source/destination check on NAT
security group on web server: inbound from nat-server and outbound All open.
security group on nat server: inbound from 80, web sg, and my IP, and outbound All open.
Network on NAT: IP forwarding is enabled, and since the web application works, I don't believe there are any issues here.

```
sysctl -q -w net.ipv4.ip_forward=1
iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            10.0.2.40            tcp dpt:443 to:10.0.1.128
DNAT       tcp  --  0.0.0.0/0            10.0.2.40            tcp dpt:80 to:10.0.1.128

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts   bytes target     prot opt in     out     source               destination
113235 7781297 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
```
I can access the application served from the Windows 2019 instance via the internet; the network seems to work in that respect.
I may need additional settings on the NAT or on Windows 2019; the only configuration I've done on Windows 2019 is setting up IIS.
What do I need to check, and set, to have outbound internet browsing capability from the web server?
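The question shows only the `nat` table of the NAT instance. For traffic from the private subnet to be forwarded out, the `filter` table's FORWARD chain must also permit it (both the outbound flow and the RELATED/ESTABLISHED return traffic), and `net.ipv4.ip_forward` must be 1. The following shell script is an added example, not part of the question above and not the poster's own configuration: it reads `iptables-save` output from a file and reports whether the MASQUERADE rule and a permissive FORWARD chain are present. It assumes the private subnet 10.0.1.0/24 from the question and an uplink interface named `eth0`; both can be overridden through environment variables.

```shell
#!/bin/sh
# Added example: offline sanity checks for an AWS NAT instance's iptables rules.
# Assumptions (not from the question): uplink interface is eth0; the private
# subnet is 10.0.1.0/24 as stated in the question. Override via environment.
PRIVATE_NET="${PRIVATE_NET:-10.0.1.0/24}"
UPLINK="${UPLINK:-eth0}"

# check_ip_forward FILE
#   FILE is the sysctl node, e.g. /proc/sys/net/ipv4/ip_forward.
#   Returns 0 when it contains "1".
check_ip_forward() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# check_nat_rules FILE
#   FILE holds `iptables-save` output. Returns 0 when:
#     (a) the nat POSTROUTING chain masquerades traffic leaving $UPLINK, and
#     (b) the filter FORWARD chain is policy ACCEPT, or explicitly accepts
#         traffic from $PRIVATE_NET plus RELATED/ESTABLISHED return traffic.
#   Prints one line per missing item and returns 1 if anything is missing.
check_nat_rules() {
    f="$1"; rc=0
    # Extract just the *nat and *filter sections of the dump.
    nat=$(sed -n '/^\*nat/,/^COMMIT/p' "$f")
    filter=$(sed -n '/^\*filter/,/^COMMIT/p' "$f")

    if ! printf '%s\n' "$nat" | grep -q -- "-A POSTROUTING .*-o $UPLINK .*-j MASQUERADE"; then
        echo "missing: nat POSTROUTING MASQUERADE out of $UPLINK"; rc=1
    fi

    # A chain line looks like ":FORWARD ACCEPT [0:0]" or ":FORWARD DROP [0:0]".
    if ! printf '%s\n' "$filter" | grep -q '^:FORWARD ACCEPT'; then
        if ! printf '%s\n' "$filter" | grep -q -- "-A FORWARD -s $PRIVATE_NET .*-j ACCEPT"; then
            echo "missing: FORWARD rule accepting traffic from $PRIVATE_NET"; rc=1
        fi
        if ! printf '%s\n' "$filter" | grep -q -- "-A FORWARD .*ESTABLISHED.*-j ACCEPT"; then
            echo "missing: FORWARD rule accepting RELATED,ESTABLISHED return traffic"; rc=1
        fi
    fi
    return $rc
}

# Live usage on the NAT instance (not executed here):
#   iptables-save > /tmp/rules.txt
#   check_ip_forward /proc/sys/net/ipv4/ip_forward && check_nat_rules /tmp/rules.txt
```

If both checks pass on the NAT instance, the remaining places to look are outside the box: the private subnet's route table must send 0.0.0.0/0 to the NAT instance's network interface, and the Windows guest must have that subnet's router as its default gateway and a reachable DNS server.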