
I have a public and a private instance in my AWS VPC.

I created a NAT gateway in my public subnet. The route table that is associated with the private subnet (of the private instance), has a route with destination 0.0.0.0/0 and target to the NAT.

So far I validated that everything works, besides that the private instance has internet connection.

How can I do that? I tried to ping its private IP address (of the private instance), but I guess it shouldn't work. I need to connect to the private instance somehow, and then ping www.google.com to check for internet connection.

How do I connect to the private instance?

Through PuTTY from the public instance, if I SSH into the private instance and then ping google.com and the packets are indeed being sent, does this mean the NAT is working?

TheCrystalShip
  • If you configure according to AWS documentation, then, yes, it is properly NAT. Actually you can confirm this by disabling the NAT gateway. – mootmoot Nov 07 '18 at 17:01
  • Makes sense! Can I disable the NAT without deleting it? It seems like delete is the only option. – TheCrystalShip Nov 07 '18 at 17:05
  • Well, you can disable the EIP. Another way is using curl to a website that provides you the public IP; if the IP matches your EIP, then it is confirmed. – mootmoot Nov 07 '18 at 17:09
  • See https://stackoverflow.com/questions/52816990/sshing-into-aws-ec2-instance-located-in-private-subnet-in-a-vpc – jarmod Nov 07 '18 at 17:18
  • Please move your question to [su] (delete here, re-post there). It's [off-topic here](//stackoverflow.com/help/on-topic). – Martin Prikryl Nov 07 '18 at 17:38

1 Answer


Since the instance in the private subnet is not directly accessible from the internet, you will need to first log into the instance in the public subnet, and from there (assuming permissions and firewall rules allow it) to the instance in the private subnet.

To verify that internet access from the private instance is via the NAT, you can always curl or wget a server you control that logs the client IP address.

Another option is to try:

dig +short myip.opendns.com @resolver1.opendns.com

This should return the IP address of the NAT.

If you are using a NAT gateway, you cannot stop it; you can only delete it and recreate it as needed. If you are running a NAT instance, you should be able to stop it.

chris
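As an added example (not code from the question or the answer), here is a small POSIX shell script that automates the dig check from the answer: run on the private instance after hopping through the public one, it looks up the address the outside world sees and compares it with the NAT gateway's Elastic IP, which you pass in (read it from the VPC console or `aws ec2 describe-nat-gateways`). The EIPs in the comments are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies that outbound traffic from
# this (private-subnet) instance leaves via the NAT gateway's Elastic IP.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255, else 1.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# The dig trick from the answer: OpenDNS answers with the source address of the
# query, i.e. the NAT EIP when egress works. Prints nothing if the lookup fails.
observed_public_ip() {
    dig +short myip.opendns.com @resolver1.opendns.com 2>/dev/null | head -n 1
}

# Compare the observed address ($1) with one or more expected NAT EIPs ($2...).
# Exit status: 0 = egress via NAT, 1 = some other address, 2 = no usable address.
egress_via_nat() {
    seen=$1; shift
    is_ipv4 "$seen" || return 2
    for eip in "$@"; do
        [ "$seen" = "$eip" ] && return 0
    done
    return 1
}

# Full check: query, compare, and print a one-line verdict.
check_nat_egress() {
    seen=$(observed_public_ip)
    egress_via_nat "$seen" "$@"
    rc=$?
    case $rc in
        0) echo "OK: traffic leaves via NAT EIP $seen" ;;
        1) echo "MISMATCH: observed $seen, expected one of: $*" ;;
        *) echo "FAIL: no public IP observed (no internet path, or UDP/53 blocked)" ;;
    esac
    return $rc
}

# Usage: sh nat-check.sh 203.0.113.10   (203.0.113.10 is a placeholder EIP)
if [ $# -gt 0 ]; then check_nat_egress "$@"; fi
```

A MISMATCH result on a private instance usually means the subnet's route table is not sending 0.0.0.0/0 to the NAT gateway, or the instance is in a different subnet than you think.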