Start a new topic

Dual NAT

 First of all, I really like this product. It's stable and fast plus offers API functionalities.


I'm dealing with a complex situation in AWS and I cannot find out why it is failing. I have the following setup

  • An AWS Lambda with IP (private subnet, internet traffic routed to Instance 1)
  • NAT instance 1 with IP (public subnet (with public IP)
  • NAT instance 2 with IP (same public subnet (with different public IP)

I want instance 1 to route all traffic to the internet via instance 2 when the source IP matches a firewall rule (in this example

My firewall rules are:

Instance 1:

PREROUTING_CUST -i eth0 -s -j DNAT --to-destination
POSTROUTING_CUST -d -j SNAT --to-source

Instance 2:

If I execute the Lamda, it times out, which indicates the traffic is dropped. I suspect I need to SNAT the request from instance 1, because otherwise instance 2 will route the traffic directly to the Lambda, instead of via instance 1. But I was kind of hoping that would be solved by the macro_cust rule.

I've disabled source check, and if I update the routing table in AWS to instance 2, the call s succesful. Any idea what is wrong?

Kind regards,


Login or Signup to post a comment