Start a new topic

Dual NAT

 First of all, I really like this product. It's stable and fast plus offers API functionalities.


I'm dealing with a complex situation in AWS and I cannot find out why it is failing. I have the following setup

  • An AWS Lambda with IP (private subnet, internet traffic routed to Instance 1)
  • NAT instance 1 with IP (public subnet (with public IP)
  • NAT instance 2 with IP (same public subnet (with different public IP)

I want instance 1 to route all traffic to the internet via instance 2 when the source IP matches a firewall rule (in this example

My firewall rules are:

Instance 1:

PREROUTING_CUST -i eth0 -s -j DNAT --to-destination
POSTROUTING_CUST -d -j SNAT --to-source

Instance 2:

If I execute the Lamda, it times out, which indicates the traffic is dropped. I suspect I need to SNAT the request from instance 1, because otherwise instance 2 will route the traffic directly to the Lambda, instead of via instance 1. But I was kind of hoping that would be solved by the macro_cust rule.

I've disabled source check, and if I update the routing table in AWS to instance 2, the call s succesful. Any idea what is wrong?

Kind regards,


1 Comment

Hi David,

Apologies for the late reply. As it happens, source-based routing was not straightforward until recently. We'd be more than happy to give you a demo of the 6.0 beta (available in AWS and Azure) which makes this simple.

Feel free to open a support ticket any time. (Our forums are usually on the quiet side.)

Bob Smetana

Cohesive Networks

Login or Signup to post a comment