Tags: amazon-web-services, networking, amazon-ec2, amazon-linux

Create instance gateway on AWS with Amazon Linux


I'm trying to create a gateway on an AWS EC2 Amazon Linux machine so that a worker machine without access to the internet can gain access via the gateway. The way I would usually do it on Debian and a local virtual environment would be:

on gateway machine:

  • enable ipv4 forwarding
  • add iptables rule for postrouting masquerading
  • restart network

on worker machine:

  • add default gateway to /etc/network/interfaces
  • restart network

And that's it. On the Amazon Linux machine, being a Red Hat-based distro, I do it the following way:

  • enable ipv4 forwarding
  • add iptables rule for postrouting masquerading
  • restart network

on worker machine:

  • ip route add default via GATEWAY_MACHINE_IP

And then it just hangs because I lost my ssh connection. I also tried modifying the interface file in /etc/sysconfig/network-scripts/ and I lose the ssh connection when restarting the network.

The gateway machine is in a security group that allows all ipv4 incoming connections from all sources and ssh from my local computer, and allows all outgoing traffic to any destination.

The worker machine is in a different security group that allows all traffic from and to the gateway machine and ssh from my local computer.

Something I've noticed is that AWS only uses one interface for public and private connections, so maybe that has something to do with what's going on?

I was hoping somebody could give me some insight as to what I'm doing wrong and if it's even possible to do what I'm trying to do in AWS.


Solution

  • From Elastic network interfaces - Amazon Elastic Compute Cloud:

    You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

    By default, the VPC will only allow traffic into an instance if the destination IP address 'belongs' to the instance. However, since you are performing NAT on the instance, it will be receiving packets with a different destination IP address.

    Therefore:

    • Select the NAT instance in the EC2 console
    • Go to Actions / Networking
    • Select Change Source/Destination Check
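The gateway and worker steps from the question plus the source/destination-check step from the answer, as an added shell runbook (not the asker's or answerer's code). It assumes the AWS CLI is installed with ec2:ModifyInstanceAttribute permission; the interface name, worker subnet, instance id, VPC router address and administrator address are placeholders the operator supplies.

```shell
#!/bin/sh
# Added example, not from the question or the answer. Turns an Amazon Linux
# instance into a NAT gateway for a worker subnet and disables the EC2
# source/destination check (the step the answer identifies as missing).
# Assumes the AWS CLI with ec2:ModifyInstanceAttribute permission; all
# addresses, interface and instance ids are operator-supplied placeholders.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them as root.
set -eu
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Gateway side: forwarding, a MASQUERADE rule limited to the worker subnet, and
# a FORWARD policy that only passes worker-initiated flows and their replies.
# EC2 instances have a single interface, so -i and -o name the same device.
gateway_setup() {
    iface="$1"; worker_cidr="$2"; instance_id="$3"
    run sysctl -w net.ipv4.ip_forward=1
    run sh -c "echo net.ipv4.ip_forward=1 > /etc/sysctl.d/99-gateway.conf"
    run iptables -t nat -A POSTROUTING -s "$worker_cidr" -o "$iface" -j MASQUERADE
    run iptables -A FORWARD -i "$iface" -o "$iface" -s "$worker_cidr" -j ACCEPT
    run iptables -A FORWARD -i "$iface" -o "$iface" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
    # Without this the VPC drops packets whose destination address is not the
    # instance's own, so forwarded traffic never reaches the gateway.
    run aws ec2 modify-instance-attribute --instance-id "$instance_id" \
        --no-source-dest-check
}

# Worker side: pin the route to the administrator's address on the VPC router
# before changing the default route, so the live SSH session keeps a symmetric
# path instead of having its replies rewritten by the gateway's MASQUERADE.
worker_setup() {
    gateway_ip="$1"; vpc_router="$2"; admin_ip="$3"
    run ip route add "$admin_ip/32" via "$vpc_router"
    run ip route replace default via "$gateway_ip"
}

# Reads the attribute back so the change can be verified after it is applied.
check_source_dest() {
    run aws ec2 describe-instance-attribute --instance-id "$1" \
        --attribute sourceDestCheck --query 'SourceDestCheck.Value' --output text
}
```

Run `gateway_setup` on the gateway and `worker_setup` on the worker; `check_source_dest` should report `False` once the attribute change has taken effect.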