Step 1 – Create an instance in a public subnet (to be later used as a NAT Instance)

gcloud compute instances create nat-gateway --network my-network --can-ip-forward \
--zone us-central1-a \
--image-family debian-8 \
--image-project debian-cloud \
--tags my-nat-instance

Step 2 – On your Linux NAT instance, configure iptables:

SSH into your gateway instance and configure iptables to NAT internal traffic out to the public internet.

1. Tell the Linux kernel to allow IP forwarding:

sudo sysctl -w net.ipv4.ip_forward=1

2. Masquerade packets received from internal instances so that they appear to be sent from the NAT gateway instance:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Step 3 – Create a route so that instances in the private subnet can reach the internet.

This route sends traffic from all instances tagged "private-instance" in the private subnet to the internet through the NAT instance.

gcloud compute routes create demo-vpc-no-ip-internet-route --network demo-vpc-manual-vpc \
--destination-range 0.0.0.0/0 \
--next-hop-instance nat-gateway \
--next-hop-instance-zone us-east1-b \
--tags private-instance --priority 800
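A tighter version of the Step 2 host configuration, added here as an example and not taken from the original post: it masquerades only traffic whose source is the private subnet, default-drops the FORWARD chain so the gateway cannot be used to reach the private subnet from outside, and makes IP forwarding survive a reboot. The private subnet 10.0.1.0/24 and the interface name eth0 are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): a tighter version of Step 2.
# Assumptions: the private subnet is 10.0.1.0/24 and the external
# interface is eth0; both are placeholders to replace.
PRIV_CIDR="${PRIV_CIDR:-10.0.1.0/24}"
EXT_IF="${EXT_IF:-eth0}"

# Accept only a dotted-quad IPv4 prefix with a /1../32 length, so a bad
# value cannot turn into an unrestricted (any-source) masquerade rule.
is_cidr() {
    printf '%s' "$1" |
      grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# Emit an iptables-restore ruleset for the nat and filter tables:
#  - masquerade only packets whose source is the private subnet, instead
#    of everything leaving the interface as in the single rule above;
#  - default-drop FORWARD: allow private -> internet and only
#    ESTABLISHED/RELATED replies back, so the gateway cannot be used to
#    reach the private subnet from outside.
nat_ruleset() {
    priv="$1"; ext="$2"
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${priv} -o ${ext} -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s ${priv} -o ${ext} -j ACCEPT
-A FORWARD -i ${ext} -d ${priv} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Apply: enable forwarding now and across reboots (sysctl -w alone is lost
# on reboot), then load the ruleset. Replaces the nat and filter tables.
apply_nat() {
    is_cidr "$1" || { echo "bad private CIDR: $1" >&2; return 1; }
    sysctl -w net.ipv4.ip_forward=1
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-nat-gateway.conf
    nat_ruleset "$1" "$2" | iptables-restore
}

# Only touch the host when explicitly asked (run as root on the NAT instance).
if [ "${APPLY_NAT:-0}" = 1 ]; then
    apply_nat "$PRIV_CIDR" "$EXT_IF"
fi
```

Run it as `APPLY_NAT=1 PRIV_CIDR=<your subnet> EXT_IF=<your interface> sudo sh nat.sh` on the gateway; the route's --network and --next-hop-instance-zone must match the network and zone the nat-gateway instance was actually created in, and the VPC firewall should only admit traffic to the gateway from the private subnet.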

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.


Author: Anuj Varma, Hands-On Technology Architect, Clean Air Activist.