I am trying to set up an environment where I have two VMs.
The scenario would be like this:
VM1 and VM2 are there, and VM one is trying to reach the internet (all outbound); it should forward all the traffic to VM1 (which has nginx running as a forward proxy).
I created iptables rules in the source VM (VM2) as below:
iptables -t nat -A OUTPUT -p tcp -o eth1 --dport 80 -j DNAT --to proxyserverip:8888
iptables -t nat -A OUTPUT -p tcp -o eth1 --dport 443 -j DNAT --to proxyserver:8888
and in VM1 (the proxy VM running nginx) I have the config below. However, this is not working as expected.
server {
    listen 8888;
    location / {
        resolver 8.8.8.8;
        proxy_pass http://$http_host$uri$is_args$args;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
I am trying this in AWS EC2 using NAT and internet gateways as below.
But I am unable to establish a connection.
2 Answers
Assuming that your NAT gateway and VM1 are in the same subnet, these two will not talk to each other. VM1 should be in a private subnet, i.e. the one not containing an Internet gateway; the NAT gateway, positioned in the public subnet, will then route VM1’s requests to the Internet gateway.
If VM1 has to be positioned in a public subnet in your topology and you have no interest in obfuscating its IP, VM1 can simply be exposed to the internet (via the IGW, obviously).
I am not sure what role VPC peering plays in your diagram; why do you need to place VM1 and VM2 in different VPCs?
Generally speaking, the most efficient way of restricting the flow to VM2 would be to put VM1 and VM2 in two separate security groups and then allow traffic into VM2’s security group only from VM1’s security group.
It looks like you’re almost there based on your code…
Locate the default Nginx configuration file and comment out the server part in order to save it as an archived copy. Usually, we can find it in /etc/nginx/sites-enabled/default:
Next, create a new file called forward and add all the needed configurations to turn Nginx into a working forward proxy:
The ‘resolver 8.8.8.8’ directive specifies which nameservers should be used to resolve the names of upstream servers into addresses; in this case, 8.8.8.8 corresponds to Google’s nameservers.
The variable $http_host contains the host in the original request, whereas $uri contains the path after the domain or IP. The last two variables $is_args and $args check for any additional arguments in the initial request, and they add them automatically to the proxied request.
After we update all the necessary configurations, we need to restart the nginx.service for them to take effect:
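As an added example (not the configuration from either answer or from the question), here is the forward-proxy server block from this page with access limited to a single client, so that port 8888 does not act as an open proxy. The addresses 10.0.1.10 (VM1) and 10.0.2.15 (VM2) and the log file name are constructed placeholders.

```nginx
# Added example: forward proxy on port 8888, usable by one client only.
# 10.0.1.10 = VM1 (proxy), 10.0.2.15 = VM2 (client): constructed placeholders.
server {
    # Bind to the proxy's private address instead of every interface.
    listen 10.0.1.10:8888;

    # Only VM2 may use the proxy; any other source address receives 403.
    allow 10.0.2.15;
    deny  all;

    # Separate access log for proxied requests (hypothetical file name).
    access_log /var/log/nginx/forward_access.log;

    location / {
        # Nameserver used to resolve the host taken from the request.
        resolver 8.8.8.8;

        # Rebuild the upstream URL from the Host header, path and query string.
        # This block speaks plain HTTP only: a TLS connection redirected here
        # from port 443 is not an HTTP request and cannot be proxied by it.
        proxy_pass http://$http_host$uri$is_args$args;
    }
}
```

Running `nginx -t` before restarting the service checks the syntax of the edited file. The `allow`/`deny` pair works alongside the security-group restriction described in the first answer rather than replacing it.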