In the last post, with Q’s blessing, I attempted to send traffic from a Load Balancer to a NAT. It did not work.
In this article, I consulted Q again regarding something I wanted to try: sending data from a site-to-site VPN with a virtual private gateway directly to a NAT.
While I was having difficulty with the Network Load Balancer in the last post, I started to wonder what would happen if I simply sent my traffic through the VPN to an Internet location. Would it just go through the VPN to the Internet via NAT? Or do I still need something in the VPC to forward traffic?
I should have known this after having transitive routing in my brain when I previously worked on proxies and NAT at Capital One – but that was before AWS NAT Gateway. Maybe something has changed.
After a few tries, I understood the question well (or so I thought) and got an answer that seemed reasonable. According to Q, this can be done.
First, I checked whether the AWS VPC flow logs I configured in a previous article are working so I can monitor traffic, and they are. And there’s certainly a lot of noise coming from the Internet.
What I really wish is that AWS would let you create a rule to block traffic to two high ports, because one rule could eliminate pretty much all of that, but it’s a tangential thought.
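One way to put numbers on that "noise" before deciding which rules are worth writing is to summarize the REJECT records in the flow logs by destination port. The script below is an added example, not code from the original post: it parses the default VPC flow log record format (version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status), keeps only rejected flows from addresses outside the VPC and outside the RFC 1918 ranges, and reports the top destination ports plus how much of the noise a single port-range rule would cover. The sample records, the account ID, the ENI ID and the 10.0.0.0/16 VPC CIDR are all constructed for the example.

```python
"""Summarize rejected inbound Internet traffic from AWS VPC flow logs.

Added example (not from the original post). Assumes the default flow log
record format and a VPC CIDR of 10.0.0.0/16; the sample records below are
constructed with documentation (TEST-NET) addresses and a fake account/ENI.
"""
from collections import Counter
import ipaddress

# Field order of the default VPC flow log format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

PROTOCOL_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# RFC 1918 ranges; traffic from these is on-prem/VPN, not Internet noise.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log: three scanners probing 22, 23 and 3389, one
# legitimate outbound HTTPS flow with its return traffic, one NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.23 10.0.1.15 51234 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.23 10.0.1.15 51235 23 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.9 10.0.1.15 40000 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.9 10.0.1.15 40001 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.77 10.0.1.15 40002 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.15 198.51.100.200 55555 443 6 10 5000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.200 10.0.1.15 443 55555 6 8 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line):
    """Parse one default-format record; return None for NODATA/SKIPDATA rows
    (their traffic fields are all "-") and for malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK" or rec["action"] == "-":
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec


def is_external(addr_text, vpc_cidr):
    """True for addresses outside both the VPC and the RFC 1918 ranges.
    Checked explicitly rather than via ipaddress.is_global so that the
    TEST-NET sample addresses, which ipaddress treats as reserved, count."""
    addr = ipaddress.ip_address(addr_text)
    if addr in ipaddress.ip_network(vpc_cidr):
        return False
    return not any(addr in net for net in RFC1918)


def summarize_rejects(log_text, vpc_cidr):
    """Count rejected inbound flows from external sources by (protocol, dstport).
    Returns (Counter, set of distinct source addresses)."""
    by_port = Counter()
    sources = set()
    vpc = ipaddress.ip_network(vpc_cidr)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        if not is_external(rec["srcaddr"], vpc_cidr):
            continue
        if ipaddress.ip_address(rec["dstaddr"]) not in vpc:
            continue
        by_port[(rec["protocol"], rec["dstport"])] += 1
        sources.add(rec["srcaddr"])
    return by_port, sources


def share_in_port_range(by_port, lo, hi):
    """Fraction of rejected flows whose destination port lies in [lo, hi],
    i.e. how much of the noise one port-range deny rule would cover."""
    total = sum(by_port.values())
    if total == 0:
        return 0.0
    covered = sum(n for (_, port), n in by_port.items() if lo <= port <= hi)
    return covered / total


def report(by_port, sources, top=10):
    lines = [f"{len(sources)} distinct external sources were rejected"]
    for (proto, port), n in by_port.most_common(top):
        lines.append(f"{PROTOCOL_NAMES.get(proto, str(proto))}/{port}: {n} flows")
    return "\n".join(lines)


if __name__ == "__main__":
    counts, srcs = summarize_rejects(SAMPLE_LOG, "10.0.0.0/16")
    print(report(counts, srcs))
    print(f"high-port (1024-65535) share: {share_in_port_range(counts, 1024, 65535):.0%}")
```

Feed it the text of a flow log export (for example, lines pulled from the CloudWatch Logs group) in place of SAMPLE_LOG and adjust the VPC CIDR. Note that flow logs are recorded per ENI, so only traffic that actually reaches an interface in the VPC shows up here.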