NAT Gateway configuration in Oracle Cloud Infrastructure!!
Hi Guys,
In today’s post, we will look at the NAT Gateway in OCI.
What is NAT?
NAT (Network Address Translation) is a networking technique commonly used to give an entire private network access to the internet without assigning each host a public IPv4 address. Hosts can initiate connections to the internet and receive the responses, but they cannot receive connections initiated from the internet.
When a host in the private network initiates an internet-bound connection, the NAT device’s public IP address becomes the source IP address of the outbound traffic, so the response traffic from the internet uses that public IP address as its destination. The NAT device keeps a translation table of the connections it has seen and uses it to route each response back to the host that initiated the connection. In OCI, the NAT gateway is a VCN component that does exactly this for every subnet whose route table sends internet-bound traffic to it: it has a single public IP address, it is egress-only (no connection can be initiated from the internet through it), and it is not a firewall, so what an instance may send or receive is still controlled by the subnet’s security lists and any network security groups.
My Environment Details:
- I subscribed to the ASHBURN region and created a compartment ASH_COMPARTMENT in it.
- Created ASH_VCN01 (Virtual Cloud Network) with CIDR 172.0.0.0/16. (Caveat: 172.0.0.0/16 is not one of the RFC 1918 private ranges, which are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. Because traffic to the VCN’s own CIDR is always routed locally, any internet hosts that really live in 172.0.0.0/16 become unreachable from this VCN, NAT gateway or not. Prefer an RFC 1918 range for a new VCN.)
- Created subnets in ASH_VCN01 as follows:
ASH_SUBNET_A with CIDR 172.0.1.0/24, a public subnet.
ASH_SUBNET_B with CIDR 172.0.2.0/24, a public subnet.
ASH_SUBNET_C with CIDR 172.0.3.0/24, a public subnet.
ASH_PRIVATE_D with CIDR 172.0.4.0/24, a private subnet.
- Created a NAT Gateway ASH_NATGW01 and added a route rule for it (destination 0.0.0.0/0, target ASH_NATGW01) to the route table ASH_NAT_RT01.
- Assigned the route table ASH_NAT_RT01 to the private subnet ASH_PRIVATE_D.
- Provisioned an instance in the private subnet ASH_PRIVATE_D; after creation the instance has only a private IP address, and no public IP is assigned.
- Created an SSH tunnel in a PuTTY session to the public subnet instance.
- Connected to the private subnet instance through that tunnel; this should succeed.
Note :
In enterprises, private instances are normally reached over a Site-to-Site VPN (an IPSec tunnel to the customer-premises equipment, CPE) or a dedicated private connection. No IPSec or CPE connection is configured here, so we use SSH tunneling through a PuTTY session to the public subnet instance, which acts as a bastion, instead.
Go to the ASHBURN region and create the private subnet and the other components discussed above.
The instance below was created earlier in a public subnet, so it has both a public and a private IP address.
Create a private subnet.
The private subnet is created successfully.
Create the NAT Gateway.
The NAT Gateway is created successfully.
Create a route table, add a route rule whose target is the NAT Gateway (destination 0.0.0.0/0), and assign this route table to the private subnet.
Now create an instance in the private subnet ASH_PRIVATE_D.
The instance is provisioned successfully and has no public IP assigned.
Create a tunnel in PuTTY and connect to the public subnet instance.
Once the session to the public instance is up, the tunnel defined in it is up as well: PuTTY listens on port 2222 on localhost (Connection > SSH > Tunnels, source port 2222, destination <private instance IP>:22), and anything sent to that port is forwarded through the public instance to the SSH port of the private instance.
Now connect to the private subnet instance from your local machine as shown below (host localhost, port 2222, with your own private key); it should connect successfully.
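The same build and the same tunnel, scripted with the OCI CLI and OpenSSH rather than the console and PuTTY. This is an added example, not part of the original post: the compartment, VCN, gateway, route-table and subnet OCIDs are placeholders (read the real ones from each create call’s output), the IP addresses are assumed, and with the default DRY_RUN=1 the oci commands are printed rather than executed. The tunnel functions print the ssh command to run from your workstation; the private key stays there and is never copied to the bastion.

```shell
#!/bin/sh
# Added example (not from the original post): egress-only private subnet behind an OCI
# NAT gateway, built with the OCI CLI, plus the SSH equivalent of the post's PuTTY tunnel.
# OCIDs and IPs are placeholders/assumptions; with DRY_RUN=1 (default) commands are printed.
set -eu

DRY_RUN="${DRY_RUN:-1}"
COMPARTMENT_OCID="${COMPARTMENT_OCID:-ocid1.compartment.oc1..example}"  # ASH_COMPARTMENT (placeholder)
VCN_OCID="${VCN_OCID:-ocid1.vcn.oc1.iad.example}"                       # ASH_VCN01 (placeholder)
PRIVATE_CIDR="172.0.4.0/24"                                             # ASH_PRIVATE_D, as in the post

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Route rule for the private subnet: everything that is not VCN-local goes to the NAT gateway.
# The gateway is egress-only, so this rule lets instances reach the internet but never the reverse.
nat_route_rules() {   # $1 NAT gateway OCID
  printf '[{"destination":"0.0.0.0/0","destinationType":"CIDR_BLOCK","networkEntityId":"%s"}]' "$1"
}

# OpenSSH equivalent of the PuTTY tunnel: local port 2222 forwards, through the bastion,
# to port 22 of the private instance. Then: ssh -p 2222 opc@localhost
tunnel_cmd() {        # $1 bastion public IP, $2 private instance IP
  printf 'ssh -N -L 2222:%s:22 opc@%s' "$2" "$1"
}

# Single-step alternative with ProxyJump (OpenSSH 7.3+): no key copy, no agent forwarding.
jump_cmd() {          # $1 bastion public IP, $2 private instance IP
  printf 'ssh -J opc@%s opc@%s' "$1" "$2"
}

build() {
  run oci network nat-gateway create --compartment-id "$COMPARTMENT_OCID" --vcn-id "$VCN_OCID" \
      --display-name ASH_NATGW01
  NATGW_OCID="${NATGW_OCID:-ocid1.natgateway.oc1.iad.example}"   # take from the create output
  run oci network route-table create --compartment-id "$COMPARTMENT_OCID" --vcn-id "$VCN_OCID" \
      --display-name ASH_NAT_RT01 --route-rules "$(nat_route_rules "$NATGW_OCID")"
  RT_OCID="${RT_OCID:-ocid1.routetable.oc1.iad.example}"         # take from the create output
  # prohibit-public-ip-on-vnic is what makes the subnet private: no VNIC in it can get a public IP.
  run oci network subnet create --compartment-id "$COMPARTMENT_OCID" --vcn-id "$VCN_OCID" \
      --display-name ASH_PRIVATE_D --cidr-block "$PRIVATE_CIDR" --route-table-id "$RT_OCID" \
      --prohibit-public-ip-on-vnic true
  # Check from the private instance (through the tunnel): the address the internet sees must be
  # the gateway's public IP, shown as nat-ip by `oci network nat-gateway get`. For example:
  #   curl -s https://ifconfig.me
}

if [ "${1:-}" = build ]; then build; fi
```

Run `sh script.sh build` to print the calls, `DRY_RUN=0 sh script.sh build` to execute them, and `tunnel_cmd <bastion-public-ip> <private-ip>` (or `jump_cmd`) to get the ssh line to paste on your workstation.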
Hope this post finds you well!!
Any questions, please post in the comment box!!
Happy learning!!
Firoz Hussain K.
Thank you for this information, I appreciate your effort, please keep us updated.
Thanks for the Appreciation Logan.
Regards,
Firoz K. Hussain.
Email : firozhussain@gmail.com
Mob : +971551862816
Excellent work Hussain, Good information. Keep up the good work.
Hi,
Sorry for the late reply and thanks for the appreciation.
Regards,
Firoz K. Hussain,
Mob: +971551862816
Ok, but what about incoming traffic?
I mean: we have several servers in a private subnet and want to forward specific traffic from the internet to each one.
Example: APP1 is in a subnet with IP 10.0.1.2 and APP2 is 10.0.2.2. I want all internet traffic coming from external IP (e.g. 149.54.2.47) to follow these rules:
Packets to 149.54.2.47 port TCP 9001 goes forward to APP1
Packets to 149.54.2.47 port TCP 9002 goes forward to APP2
How to do this NAT?
Hi,
For this you have to create a Load Balancer and, for this load balancer, create back-end servers APP1 and APP2, which are in private subnets.
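A worked version of that answer with the OCI CLI, as an added example that is not part of the original post or the reply: a public Load Balancer in a public subnet, and for each of the two ports a backend set, a backend (the private IPs from the question) and a TCP listener. The NAT gateway is egress-only and takes no part in inbound traffic. OCIDs are placeholders, the flag names are those of the OCI CLI as I know them (confirm with `oci lb listener create --help` and friends before relying on them), and with the default DRY_RUN=1 the commands are printed instead of executed.

```shell
#!/bin/sh
# Added example (not from the original post or its author): expose APP1 and APP2, which live in
# private subnets, on TCP 9001 and 9002 through a public OCI Load Balancer.
# OCIDs are placeholders; with DRY_RUN=1 (default) the oci commands are printed, not run.
set -eu

DRY_RUN="${DRY_RUN:-1}"
COMPARTMENT_OCID="${COMPARTMENT_OCID:-ocid1.compartment.oc1..example}"
PUBLIC_SUBNET_OCID="${PUBLIC_SUBNET_OCID:-ocid1.subnet.oc1.iad.example}"  # a public subnet for the LB
LB_OCID="${LB_OCID:-ocid1.loadbalancer.oc1.iad.example}"                  # take from the create output

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Internet-facing load balancer in a public subnet. Its public IP is the address clients use;
# the backends keep their private IPs and never get one of their own.
create_lb() {
  run oci lb load-balancer create --compartment-id "$COMPARTMENT_OCID" --display-name APP_LB \
      --shape-name flexible --shape-details '{"minimumBandwidthInMbps":10,"maximumBandwidthInMbps":10}' \
      --subnet-ids "[\"$PUBLIC_SUBNET_OCID\"]" --is-private false
}

# One backend set, one backend and one TCP listener per published port. The listener port is
# what clients connect to; the backend port is where the app listens on its private IP.
publish_tcp() {   # $1 name  $2 listener port  $3 backend private IP  $4 backend port
  run oci lb backend-set create --load-balancer-id "$LB_OCID" --name "$1" --policy ROUND_ROBIN \
      --health-checker-protocol TCP --health-checker-port "$4"
  run oci lb backend create --load-balancer-id "$LB_OCID" --backend-set-name "$1" \
      --ip-address "$3" --port "$4"
  run oci lb listener create --load-balancer-id "$LB_OCID" --name "lsn-$1" \
      --default-backend-set-name "$1" --port "$2" --protocol TCP
}

# Security lists / NSGs still decide what gets through: the LB subnet must allow ingress to
# 9001-9002 from the internet, and each private subnet must allow ingress to its app port only
# from the LB subnet's CIDR, so the apps are reachable through the listeners and nowhere else.
if [ "${1:-}" = build ]; then
  create_lb
  publish_tcp app1 9001 10.0.1.2 9001   # IPs and ports from the question above
  publish_tcp app2 9002 10.0.2.2 9002
fi
```

Run `sh lb.sh build` to print the calls and `DRY_RUN=0 sh lb.sh build` to execute them once the placeholder OCIDs are replaced.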
After configuring the NAT GATEWAY, while connecting from the private compute instance to the public compute instance I am seeing the below error:
[opc@web ~]$ ssh -i public_key.pem opc@10.1.10.5
Enter passphrase for key ‘public_key.pem’:
Enter passphrase for key ‘public_key.pem’:
Enter passphrase for key ‘public_key.pem’:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Any clue much appreciated.
Regards,
Dev