
I have set up two NAT boxes in two separate AWS accounts and given the necessary security group permissions to allow both instances to talk to each other.

In account A I have a service that needs to talk to a service in account B. We are looking to achieve this through cross-account peering, however we can't automate this process so we are setting up a NAT instance in each account with a permanent peering connection.

We need these NAT instances to route all traffic from the application in account A to the application in account B.

I believe it's going to be iptables rules but after a lot of searching I've yet to find a definitive answer.

NAT 1 ifconfig:

    eth0      Link encap:Ethernet  HWaddr 06:FF:01:29:D1:21
              inet addr:172.32.34.87  Bcast:172.32.34.255  Mask:255.255.255.0
              inet6 addr: fe80::4ff:1ff:fe29:d121/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
              RX packets:5198 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2136 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:5160072 (4.9 MiB)  TX bytes:262514 (256.3 KiB)

    eth0:0    Link encap:Ethernet  HWaddr 06:FF:01:29:D1:21
              inet addr:172.0.0.0  Bcast:172.0.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1

NAT 2 ifconfig:

    eth0      Link encap:Ethernet  HWaddr 0A:5F:05:58:5D:FF
              inet addr:172.32.2.219  Bcast:172.32.2.255  Mask:255.255.255.0
              inet6 addr: fe80::85f:5ff:fe58:5dff/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
              RX packets:32937 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5062 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:41548363 (39.6 MiB)  TX bytes:412053 (402.3 KiB)

iptables -L (on both NAT instances):

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

App with 10.x.x.x ifconfig:

    eth0      Link encap:Ethernet  HWaddr 0a:75:f6:ee:f9:9f
              inet addr:10.105.5.51  Bcast:10.105.5.255  Mask:255.255.255.0
              inet6 addr: fe80::875:f6ff:feee:f99f/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
              RX packets:3098043 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1907079 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1593259614 (1.5 GB)  TX bytes:272469079 (272.4 MB)

And it just has the default iptables set up.

Ste-3PO
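The forwarding rule set a NAT instance like the ones above needs, as an added example (not from the question or from any answer to it): it enables IP forwarding, restricts the FORWARD chain to the app subnet talking to the peer subnet with a default-deny policy (the dump above shows policy ACCEPT, which forwards anything that reaches the box), logs what gets dropped, and masquerades the app traffic behind the NAT instance's address. The subnets 10.105.5.0/24 and 172.32.2.0/24 and the interface eth0 are assumed from the ifconfig output and should be adjusted; the script only prints the commands unless apply_nat_rules is called.

```shell
#!/bin/sh
# Added example: generate iptables rules for a single-NIC NAT instance that
# forwards only APP_NET -> PEER_NET. Values below are assumptions taken from
# the question's ifconfig output; override them via the environment.
APP_NET="${APP_NET:-10.105.5.0/24}"     # app side (account A)
PEER_NET="${PEER_NET:-172.32.2.0/24}"   # far side reached over the peering
OUT_IF="${OUT_IF:-eth0}"                # the NAT instance's only interface

# Print the commands. Note: this flushes existing FORWARD and nat/POSTROUTING
# rules, so review the current rule set before applying on a shared box.
nat_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $OUT_IF -s $APP_NET -d $PEER_NET -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "NAT-FWD-DROP: "
iptables -t nat -A POSTROUTING -o $OUT_IF -s $APP_NET -d $PEER_NET -j MASQUERADE
EOF
}

# Number of iptables commands generated (used as a quick self-check).
rule_count() {
  nat_rules | grep -c '^iptables '
}

# Apply the rules. Run as root on the NAT instance; the instance's network
# interface must also have the AWS source/destination check disabled, or the
# forwarded packets are discarded before they leave the host.
apply_nat_rules() {
  nat_rules | sh -e
}

nat_rules
```

Anything not matching the app-to-peer flow (or its return traffic) hits the LOG rule and then the DROP policy, so the kernel log shows `NAT-FWD-DROP:` entries for unexpected traffic transiting the box.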