Routing through a NAT instance

Yandex.Cloud lets you configure internet connections for multiple VMs via a NAT instance using static routing. In this case, only one public IP address is used: the one assigned to the VM.

To set up routing through a NAT instance:

  1. Before you start.
  2. Create and configure a NAT instance.
  3. Set up static routing in the cloud network.
  4. Test the NAT instance.

If you no longer need the NAT instance, delete it.

Before you start

Before deploying the server, you need to sign up for Yandex.Cloud and create a billing account:

  1. Go to the management console. Then log in to Yandex.Cloud or sign up if you don't already have an account.
  2. On the billing page, make sure you have linked a billing account and that it has the ACTIVE or TRIAL_ACTIVE status. If you don't have a billing account, create one.

If you have an active billing account, you can create or select a folder to run your VM in from the Yandex.Cloud page.

Learn more about clouds and folders.

The cost of NAT instance support includes:

Create a network, subnet, and test VM

  1. Create a cloud network with any name, such as my-vpc.
  2. In the cloud network, create a subnet for your NAT instance with any name, such as nat-subnet. Don't assign any routing tables to it.
  3. Create another subnet in the cloud network, such as private-subnet.
  4. Create a test VM without a public IP and connect it to the private-subnet subnet.

Create a NAT instance

Create a VM to use for internet access.

  1. Open your folder and click Create resource. Select Virtual machine.
  2. Enter a name for the VM, for example, nat-instance.
  3. Select the availability zone where the public-subnet subnet is located.
  4. Under Public images, click Select and choose the NAT instance image.
  5. Under Network settings, choose the required network and subnet and assign a public IP to the NAT instance either automatically or by selecting it from the list.
  6. In the Access field, enter the login and SSH key to access the VM.
  7. Click Create VM.

Set up static routing

Set up routing between the NAT instance and test VM.

Create a route table and add a static route to it:

  1. Open the Virtual Private Cloud section in the folder where you want to create a static route.

  2. Select the my-vpc network.

  3. Click Create route table.

  4. Enter a name for the route table, such as nat-instance-route.

    • The name must be unique within the folder.
    • The name may contain lowercase Latin letters, numbers, and hyphens.
    • The first character must be a letter. The last character can't be a hyphen.
    • The maximum length of the name is 63 characters.
  5. Click Add route.

  6. In the window that opens, enter the prefix of the destination subnet:

  7. In the Next hop field, specify the internal IP address of the NAT instance. Click Add.

  8. Click Create route table.

To use static routes, link the route table to the subnet where the VMs are located (in the example, it's private-subnet). To do this:

  1. On the line with the test VM, click the menu icon.
  2. In the menu that opens, select Link route table.
  3. In the window that opens, select the nat-instance-route table from the list.
  4. Click Link.

You can also use the created route for other subnets in the same network, except for the subnet where the NAT instance is located.
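
A pre-flight check for the routing plan described above, as an added example that is not part of the Yandex.Cloud documentation. It checks the route table name against the naming rules listed for the table, that the next hop lies inside the NAT instance's subnet, and that the table is not linked to that subnet. The plan dictionary layout, the CIDR ranges, and the addresses are constructed for illustration.

```python
import ipaddress
import re

# Naming rules from the route table step: lowercase Latin letters, digits and
# hyphens; first character a letter, last not a hyphen, at most 63 characters.
NAME_RE = re.compile(r"[a-z](?:[a-z0-9-]{0,61}[a-z0-9])?")


def check_plan(plan):
    """Return a list of problems found in a routing plan (empty list = OK)."""
    problems = []
    if not NAME_RE.fullmatch(plan["route_table"]):
        problems.append("route table name breaks the naming rules")
    subnets = {n: ipaddress.ip_network(c) for n, c in plan["subnets"].items()}
    nat_net = subnets[plan["nat_subnet"]]
    # The next hop must be the NAT instance's internal address, so it has to
    # fall inside the subnet the NAT instance is attached to.
    if ipaddress.ip_address(plan["next_hop"]) not in nat_net:
        problems.append("next hop is outside the NAT instance subnet")
    for name in plan["linked_subnets"]:
        if name not in subnets:
            problems.append(f"linked subnet {name} is not in the network")
        elif name == plan["nat_subnet"]:
            # The NAT instance's own subnet must not get this route table.
            problems.append("route table is linked to the NAT instance subnet")
    return problems


# Constructed sample plans (hypothetical CIDR ranges and addresses).
SUBNETS = {"nat-subnet": "10.0.1.0/24", "private-subnet": "10.0.2.0/24"}
GOOD_PLAN = {
    "route_table": "nat-instance-route",
    "subnets": SUBNETS,
    "nat_subnet": "nat-subnet",
    "next_hop": "10.0.1.5",            # internal IP of the NAT instance
    "linked_subnets": ["private-subnet"],
}
BAD_PLAN = {
    "route_table": "Nat-route-",       # uppercase letter, trailing hyphen
    "subnets": SUBNETS,
    "nat_subnet": "nat-subnet",
    "next_hop": "203.0.113.10",        # a public address used by mistake
    "linked_subnets": ["private-subnet", "nat-subnet"],
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
```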

Test the NAT instance

  1. Connect to the NAT instance via SSH:

    $ ssh <NAT instance public IP>
  2. Use the NAT instance to connect to the test VM in the same subnet via SSH:

    $ ssh <VM internal IP>
  3. Make sure the VM is connected to the internet via the public IP address of the NAT instance. Enter the following command in the terminal:

    $ curl

    If it returns the public IP address of the NAT instance, everything is correct.

Delete the created resources

If you no longer need the NAT instance, delete the nat-instance VM.