41. NW ‐ "NAT GW" ‐ Establishing One‐Way Internet Access for Private Instances - Ayushi-srivastav/OCI GitHub Wiki

Objective: Establish one-way internet connectivity from the private instance.

(A) Log in to a private instance in the Spoke Virtual Cloud Network (VCN) using the Bastion server.

(B) Configure the NAT Gateway to enable instances in the private subnet to access the internet while blocking any inbound internet traffic.

1. Access the Application server

Connect to the Application server via the Bastion Server.

ssh -i /home/opc/keys/privkey.pem [email protected]

2. Ping google.com

Once connected to the Application server, attempt to ping google.com. Observe that the ping request fails, because the private subnet has no route to the internet yet.

3. Create a NAT Gateway

To create a NAT Gateway, follow these steps:

  • Navigate to the Networking section.

  • Go to VCN and select Spoke VCN.

  • Choose NAT Gateways from the options.

  • Create a new NAT Gateway.

4. Add a Route Rule for NAT Gateway

To add a route rule for the NAT Gateway, follow these steps:

  • Go to the Private-Subnet in the Spoke VCN.

  • Select the associated Route Table.

  • Add a Route Rule for the newly created NAT Gateway to enable one-way internet connectivity from the Private Instance.

5. Verify that ping to google.com works

Ping google.com from the Application server instance again. The ping now succeeds.

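A way to check the outcome of steps 3 and 4 from the route table itself, as an added example that is not part of the original wiki: it classifies the private subnet's route table as having no egress, NAT-only egress, or a default route to something other than a NAT Gateway. The kebab-case keys are assumed to match OCI CLI JSON output, and the route tables and OCIDs are constructed placeholders.

```python
import ipaddress

# Constructed samples shaped like the "data" object of `oci network route-table get`
# (kebab-case keys assumed from OCI CLI output; OCIDs are placeholders).
NAT = "ocid1.natgateway.oc1..exampleuniqueid"
IGW = "ocid1.internetgateway.oc1..exampleuniqueid"
SGW = "ocid1.servicegateway.oc1..exampleuniqueid"

def rule(dest, target, dtype="CIDR_BLOCK"):
    return {"destination": dest, "destination-type": dtype, "network-entity-id": target}

BEFORE_STEP_4 = {"route-rules": []}
AFTER_STEP_4 = {"route-rules": [rule("0.0.0.0/0", NAT)]}
WITH_SERVICE_GW = {"route-rules": [
    rule("all-iad-services-in-oracle-services-network", SGW, "SERVICE_CIDR_BLOCK"),
    rule("0.0.0.0/0", NAT)]}
MISROUTED = {"route-rules": [rule("0.0.0.0/0", IGW)]}

def target_kind(ocid):
    """Resource type is the second dot-separated field of an OCID."""
    parts = ocid.split(".")
    return parts[1] if len(parts) > 2 and parts[0] == "ocid1" else "unknown"

def is_default_route(r):
    """True for a CIDR rule covering all IPv4 or all IPv6 addresses."""
    if r.get("destination-type", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False  # service CIDR labels are not IP networks
    try:
        return ipaddress.ip_network(r["destination"], strict=False).prefixlen == 0
    except (KeyError, ValueError):
        return False

def classify_egress(route_table):
    """Return 'no-egress', 'nat-egress', or 'not-nat:<kind>' for a private subnet's table."""
    defaults = [r for r in route_table.get("route-rules", []) if is_default_route(r)]
    if not defaults:
        return "no-egress"  # state in step 2: ping to google.com fails
    kinds = {target_kind(r.get("network-entity-id", "")) for r in defaults}
    if kinds == {"natgateway"}:
        return "nat-egress"  # state after step 4: outbound only
    return "not-nat:" + ",".join(sorted(kinds - {"natgateway"}))

if __name__ == "__main__":
    for name in ("BEFORE_STEP_4", "AFTER_STEP_4", "WITH_SERVICE_GW", "MISROUTED"):
        print(name, "->", classify_egress(globals()[name]))
```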