
Deploy Outbound NAT Gateway on Ubuntu

Introduction

A common network infrastructure may consist of a private network on an isolated subnet. While there may be no need for incoming connections to reach the private network from the outside, there are occasions when servers within the private subnet need to make connections to services outside of the subnet or on the public Internet. Examples include downloading a software package, sending backup data to an external location, or applying system updates to servers on the private subnet.

A Linux gateway server with two network interfaces, or NICs, can be used to connect the two networks. One NIC connects to an external, or public, network while the other NIC connects to the private subnet. IP forwarding and a NAT rule are then used to route traffic from the private subnet out to the external network.

Traffic from the internal servers will appear to originate from the gateway IP address. Externally generated traffic will reach the gateway and have no visibility of the private subnet.

Although it is beyond the scope of this tutorial, the gateway server firewall can be modified to restrict outbound traffic from the subnet.