How to Create a NAT Instance in AWS (2024)

andrew reichek
2 min read · Jun 9, 2024


What is a NAT Instance:

A NAT instance allows resources in a private subnet to connect to the internet or other AWS services, while preventing the internet from initiating connections to those resources in the private subnet.

However, a NAT instance can also allow inbound traffic.

According to Amazon, NAT instances have reached the end of their support.

The NAT AMI is built on the last version of the Amazon Linux AMI, 2018.03, which reached the end of standard support on December 31, 2020 and the end of maintenance support on December 31, 2023.

Amazon suggests using a NAT Gateway in place of a NAT instance.

If you still want to create a NAT instance, you can.

Here are the steps you need to take:

1. Launch an EC2 instance from the AWS console running AL2023 or Amazon Linux 2.

2. SSH into your instance and run these commands:

sudo yum install iptables-services -y
sudo systemctl enable iptables
sudo systemctl start iptables

3. First, you can enable IP forwarding temporarily by executing the following command.

You are going to want to use a text editor of your choice, like Nano.

4. Create the following file:

/etc/sysctl.d/custom-ip-forwarding.conf

5. Then add this line to the file:

net.ipv4.ip_forward=1

6. Apply the settings in the custom configuration file using the following command:

sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf

7. Then run the command below. netstat -i displays network interface statistics on Unix-like operating systems.

It provides information about each network interface’s status, including the number of packets transmitted and received, errors, collisions, and other relevant statistics.

netstat -i

After running the above command you might see output like this; take note of the interface name:

Iface     MTU   RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
ens5     9001   14036      0      0      0  2116      0      0      0 BMRU
lo      65536      12      0      0      0    12      0      0      0 LRU

8. Lastly, run the commands below; this will configure your NAT properly.

Note the interface name (eth0) in the commands below. You are going to want to replace eth0 with the primary interface name you noted from the netstat output above.

In our example above, the output was ens5.

sudo /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo /sbin/iptables -F FORWARD
sudo service iptables save
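As an added example (not from the original post), the script below derives the primary interface from netstat -i output instead of hard-coding eth0, and emits the iptables rules for the NAT, limiting masquerading and forwarding to the private subnet's CIDR rather than leaving FORWARD flushed with its default ACCEPT policy. It assumes steps 1 to 6 are done (iptables-services installed, IP forwarding enabled) and that the instance's EC2 source/destination check has been disabled; the sample netstat output and the 10.0.0.0/16 CIDR are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes steps 1-6 are done and
# the instance's EC2 source/destination check is disabled.

# Constructed sample of the netstat -i output shown in the post.
SAMPLE_NETSTAT='Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
ens5      9001    14036      0      0      0     2116      0      0      0 BMRU
lo       65536       12      0      0      0       12      0      0      0 LRU'

# Print the first non-loopback interface from netstat -i output passed in $1.
primary_iface() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 != "lo" { print $1; exit }'
}

# Emit the iptables commands for interface $1 and private CIDR $2. Unlike the
# post's bare "iptables -F FORWARD" (which leaves the chain at its default
# ACCEPT policy), FORWARD is set to DROP and only traffic from the private
# CIDR plus the replies to it are allowed through. A NAT instance with one
# ENI receives and sends forwarded traffic on the same interface.
nat_rules() {
    iface=$1
    cidr=$2
    cat <<EOF
iptables -t nat -A POSTROUTING -o $iface -s $cidr -j MASQUERADE
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -i $iface -o $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $iface -o $iface -s $cidr -j ACCEPT
EOF
}

# Usage on the instance: sh nat.sh show 10.0.0.0/16
# Review the printed rules, then run them as root and 'service iptables save'.
if [ "${1:-}" = "show" ]; then
    nat_rules "$(primary_iface "$(netstat -i)")" "${2:?private CIDR required}"
fi
```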

Now you have your own NAT instance.
