1、
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#NATSG

1.1、Create an instance from the AMI: ami-vpc-nat-hvm (choose the newest)
***NAT AMI***

1.2、

Check: IPv4 forwarding is enabled and ICMP redirects are disabled in /etc/sysctl.d/10-nat-settings.conf

IPv4 forwarding =1

Run: A script located at /usr/sbin/configure-pat.sh runs at startup and configures iptables IP masquerading.
This causes a problem here, so the POSTROUTING rule must be deleted:

sudo iptables -t nat -D POSTROUTING 1

2、
https://holtstrom.com/michael/blog/post/400/Port-Forwarding-Gateway-via-iptables-on-Linux.html

eth0 10.0.0.219  52.78.165.129

eth1 10.0.1.149

web server 10.0.1.249

iptables -vxnL --line-numbers
iptables -t nat -vxnL --line-numbers

watch -n 1 sudo iptables -vxnL --line-numbers
watch -n 1 sudo iptables -t nat -vxnL --line-numbers

===Start===
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 10.0.0.219 --dport 888 \
     -j DNAT --to-destination 10.0.1.249:80

iptables -t nat -A POSTROUTING -j MASQUERADE     # ☆ key point: can't use -o eth0 (out-interface eth0)
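
Added example (not part of the original notes): a shell function that reads `iptables-save` output and flags the two broad settings the ===Start=== block leaves in place, the FORWARD policy of ACCEPT and the MASQUERADE rule with no interface or address match. Both rule dumps are constructed samples, and the tighter variant is an assumption, not something these notes tested.

```shell
# Added example: audit iptables-save output for the broad settings in these notes.
audit_nat_rules() {   # reads iptables-save text on stdin
    awk '
    /^\*/ { table = substr($0, 2) }          # table header: "*nat", "*filter"
    table == "filter" && /^:FORWARD ACCEPT/ {
        print "WARN FORWARD policy ACCEPT: every routed packet is forwarded"
    }
    table == "nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ {
        # no out-interface, source or destination match: rewrites all traffic
        if ($0 !~ / -o / && $0 !~ / -s / && $0 !~ / -d /)
            print "WARN unscoped source NAT: " $0
    }
    table == "nat" && /^-A PREROUTING/ && /-j DNAT/ {
        print "INFO port forward: " $0
    }'
}

# Constructed sample: what iptables-save would show after the ===Start=== block.
sample_as_noted() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 10.0.0.219/32 -i eth0 -p tcp -m tcp --dport 888 -j DNAT --to-destination 10.0.1.249:80
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: an assumed tighter variant (not from the notes) that
# masquerades only the forwarded flow leaving eth1 and drops other forwards.
sample_scoped() {
    cat <<'EOF'
*nat
-A PREROUTING -d 10.0.0.219/32 -i eth0 -p tcp -m tcp --dport 888 -j DNAT --to-destination 10.0.1.249:80
-A POSTROUTING -d 10.0.1.249/32 -o eth1 -p tcp -m tcp --dport 80 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 10.0.1.249/32 -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_as_noted | audit_nat_rules
```

On a live host the same function can be fed with `sudo iptables-save | audit_nat_rules`.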

===Capture packets===
tcpdump -i eth0 -p tcp and port 888 -n -v

===Delete===
iptables -D INPUT 2
iptables -t nat -D PREROUTING 2
iptables -t nat -D POSTROUTING 2

===Not useful===
iptables -A FORWARD -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -d 10.0.1.249 -j ACCEPT

iptables -A FORWARD -d 10.0.1.249 -p tcp --dport 80 -j ACCEPT

iptables -t nat -A POSTROUTING -j SNAT --to-source 10.0.0.219
===Not useful===

===Not useful: this line fixes telnet localhost 888===
iptables -t nat -A OUTPUT -p tcp -o lo --dport 888 -j DNAT --to 10.0.1.249:80