Routing and NATing on Google Cloud – allowing internet access from a private subnet on GCP
Anuj Varma, Hands-On Technology Architect, Clean Air Activist
https://www.anujvarma.com/routing-and-nating-on-google-cloud-allowing-internet-access-from-a-private-subnet-on-gcp/
Thu, 16 Jan 2020 21:39:25 +0000
Step 1 – Create an instance in a public subnet (to be used later as a NAT instance)

GCP has no public/private subnet distinction as such: "public" here means the instance gets an external IP (the default), and the "private" instances of Step 3 are created with --no-address. The flag that matters is --can-ip-forward; without it GCP drops any packet the instance sends whose source address is not its own, so it can never forward for others.

gcloud compute instances create nat-gateway --network my-network --can-ip-forward \
--zone us-central1-a \
--image-family debian-12 \
--image-project debian-cloud \
--tags my-nat-instance

(The original command used --image-family debian-8, which has since been retired from debian-cloud and no longer resolves; any current Debian family works the same way.) Note the network and zone used here: the route in Step 3 must reference the same ones.

Step 2 – On your Linux NAT instance, configure iptables:

SSH into the gateway instance and configure iptables to NAT internal traffic out to the public internet.

1. Tell the Linux kernel to forward IP packets (without this, packets addressed to other hosts are dropped rather than routed):

sudo sysctl -w net.ipv4.ip_forward=1

2. Masquerade packets received from internal instances so they leave with the NAT instance's own address as their source:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Three things to check before relying on this. eth0 is the interface name on the old Debian 8 image; current GCP Debian images name it ens4, so confirm with ip route show default and adjust -o accordingly. Neither the sysctl nor the iptables rule survives a reboot: put net.ipv4.ip_forward=1 in /etc/sysctl.d/ and apply the rule from a startup script (or iptables-persistent). And a bare MASQUERADE rule will translate anything the box is asked to forward; adding -s <private subnet CIDR> limits it to the instances you intend to serve.

Step 3 – Create a route that lets instances in the private subnet reach the internet.

This route sends all traffic (0.0.0.0/0) from instances carrying the tag "private-instance" to the NAT instance as next hop. Priority 800 is a lower number, and so wins, against the network's default internet-gateway route at priority 1000, but only for instances that carry the tag; untagged instances keep using the default route. --network and --next-hop-instance-zone must name the network and zone the NAT instance was created in (Step 1), or route creation fails.

gcloud compute routes create demo-vpc-no-ip-internet-route --network my-network \
--destination-range 0.0.0.0/0 \
--next-hop-instance nat-gateway \
--next-hop-instance-zone us-central1-a \
--tags private-instance --priority 800

Two further points the commands above do not cover. Do not put the private-instance tag on the NAT instance itself, or its own outbound traffic would be routed back to itself. And on a custom VPC nothing is allowed by default, so a firewall rule must permit ingress from the private subnet's range to instances tagged my-nat-instance, otherwise the forwarded packets never arrive. Google's managed Cloud NAT does the same job without an instance to patch and monitor; the instance approach remains useful when you need to inspect or filter the egress traffic yourself.
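The three steps above collected into one script that can be dry-run. This is an added example, not code from the original post: the network, zone, instance and tag names are the ones from the commands above, while the private subnet range 10.128.0.0/20, the startup-script approach to persistence, the firewall rule and the route names are assumptions. Run it as ./gcp-nat.sh apply to execute, or GCLOUD=echo ./gcp-nat.sh apply to print the gcloud commands without calling the API.

```shell
#!/bin/sh
# Added example (not from the original post): NAT instance, firewall rule and
# route for tagged private instances, as dry-run-able shell functions.
# All names below are assumed placeholders; override them via the environment.
set -e

NETWORK="${NETWORK:-my-network}"
ZONE="${ZONE:-us-central1-a}"
NAT_INSTANCE="${NAT_INSTANCE:-nat-gateway}"
NAT_TAG="${NAT_TAG:-my-nat-instance}"
PRIVATE_TAG="${PRIVATE_TAG:-private-instance}"
PRIVATE_CIDR="${PRIVATE_CIDR:-10.128.0.0/20}"   # assumed range of the private instances' subnet
GCLOUD="${GCLOUD:-gcloud}"                       # set GCLOUD=echo to print commands instead

# Step 2 of the post as a startup script, so forwarding and the NAT rule are
# re-applied on every boot. The interface is discovered from the default route
# (eth0 on old images, ens4 on current ones); -s restricts masquerading to the
# private subnet; -C before -A keeps the rule idempotent across reruns.
nat_startup_script() {
  cat <<EOF
#!/bin/sh
sysctl -w net.ipv4.ip_forward=1
IFACE=\$(ip -o -4 route show default | awk '{print \$5}')
iptables -t nat -C POSTROUTING -s $PRIVATE_CIDR -o "\$IFACE" -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -s $PRIVATE_CIDR -o "\$IFACE" -j MASQUERADE
EOF
}

# Step 1: the NAT instance. --can-ip-forward lets GCP deliver packets whose
# source IP is not the instance's own; the startup script applies Step 2.
create_nat_instance() {
  script=$(mktemp)
  nat_startup_script > "$script"
  "$GCLOUD" compute instances create "$NAT_INSTANCE" \
    --network "$NETWORK" --zone "$ZONE" --can-ip-forward \
    --image-family debian-12 --image-project debian-cloud \
    --tags "$NAT_TAG" \
    --metadata-from-file startup-script="$script"
  rm -f "$script"
}

# Not in the post, but required on a custom VPC (which allows nothing by
# default): let the private subnet send traffic to the NAT instance.
create_firewall_rule() {
  "$GCLOUD" compute firewall-rules create "${NETWORK}-allow-private-to-nat" \
    --network "$NETWORK" --direction INGRESS --action ALLOW --rules all \
    --source-ranges "$PRIVATE_CIDR" --target-tags "$NAT_TAG"
}

# Step 3: default route for tagged instances via the NAT instance. Priority 800
# beats the network's default-internet-gateway route (priority 1000), and the
# zone must be the zone the NAT instance was created in.
create_route() {
  "$GCLOUD" compute routes create "${NETWORK}-no-ip-internet-route" \
    --network "$NETWORK" --destination-range 0.0.0.0/0 \
    --next-hop-instance "$NAT_INSTANCE" --next-hop-instance-zone "$ZONE" \
    --tags "$PRIVATE_TAG" --priority 800
}

# A private instance to test with: no external IP, tagged so the route applies.
create_private_instance() {
  "$GCLOUD" compute instances create "${1:-private-vm}" \
    --network "$NETWORK" --zone "$ZONE" --no-address \
    --image-family debian-12 --image-project debian-cloud \
    --tags "$PRIVATE_TAG"
}

if [ "${1:-}" = "apply" ]; then
  create_nat_instance
  create_firewall_rule
  create_route
fi
```

After applying, SSH to a tagged private instance (through IAP or the NAT host, since it has no external IP) and run curl -s https://ifconfig.me; the address returned should be the NAT instance's external IP.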
