miracle ify

Build Your Own Virtual Private Cloud (VPC) on Linux – Beginner’s Guide

Learn how to recreate the fundamentals of a cloud Virtual Private Cloud (VPC) using native Linux tools. We'll simulate public and private subnets, routing, NAT, and isolation, all on your local machine!


Prerequisites

  • Linux host (or Docker container on macOS)
  • Python 3.x
  • Basic familiarity with Linux commands

macOS users: Docker is required because Linux network namespaces and iptables require a Linux kernel.


Project Overview

We'll create:

  • A VPC built on a Linux bridge
  • Public and private subnets
  • NAT for the public subnet
  • Firewall rules for isolation
  • A simple HTTP server to test connectivity

Architecture Diagram

           Internet
              |
         NAT Gateway
              |
      vpc-ifym (Bridge)
        /            \
  ifym_public     ifym_private
 (10.0.1.10/24)  (10.0.2.10/24)


Step 1: Start the Docker Container & Enter Project Folder


docker start -ai vpc-lab
cd /hng13-stage-4


Step 2: Clean Previous VPCs
ip netns del ifym_public 2>/dev/null
ip netns del ifym_private 2>/dev/null
ip link del vethh1 2>/dev/null
ip link del vethn1 2>/dev/null
ip link del vpc-ifym 2>/dev/null


Step 3: Create VPC and Subnets
python3 vpcctl.py create --config policies/policy.json
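
The page runs the create step without showing which commands it issues, so here is a dry-run planner that lists the ip and iptables commands such a step needs for this topology. It is an added example, not the vpcctl.py from the repository. The policy shape, the eth0 uplink, the veth interface names and a default ACCEPT policy on the FORWARD chain are assumptions.

```python
import ipaddress

# Constructed policy: the page does not show policies/policy.json, so this shape
# is an assumption. Namespace names and addresses are the ones used in the steps.
POLICY = {
    "bridge": "vpc-ifym",
    "uplink": "eth0",  # assumed outbound interface of the host or container
    "subnets": [
        {"ns": "ifym_public", "cidr": "10.0.1.0/24", "ip": "10.0.1.10", "nat": True},
        {"ns": "ifym_private", "cidr": "10.0.2.0/24", "ip": "10.0.2.10", "nat": False},
    ],
}

def build_plan(policy):
    """Return the ordered ip/iptables commands for a policy; nothing is executed."""
    br, up = policy["bridge"], policy["uplink"]
    cmds = [f"ip link add {br} type bridge", f"ip link set {br} up",
            "sysctl -w net.ipv4.ip_forward=1"]
    nets = []
    for i, s in enumerate(policy["subnets"]):
        net = ipaddress.ip_network(s["cidr"])
        if ipaddress.ip_address(s["ip"]) not in net:
            raise ValueError(f"{s['ip']} is outside {net}")
        if any(net.overlaps(other) for other in nets):
            raise ValueError(f"{net} overlaps an earlier subnet")
        nets.append(net)
        gw, ns = next(net.hosts()), s["ns"]  # first usable address is the gateway
        host_if, ns_if = f"veth{i}-br", f"veth{i}-ns"  # hypothetical interface names
        cmds += [
            f"ip netns add {ns}",
            f"ip link add {host_if} type veth peer name {ns_if}",
            f"ip link set {ns_if} netns {ns}",
            f"ip link set {host_if} master {br} up",
            f"ip addr add {gw}/{net.prefixlen} dev {br}",
            f"ip -n {ns} addr add {s['ip']}/{net.prefixlen} dev {ns_if}",
            f"ip -n {ns} link set {ns_if} up",
            f"ip -n {ns} link set lo up",  # needed to reach the namespace's own IP
            f"ip -n {ns} route add default via {gw}",
        ]
        if s["nat"]:  # only NAT-enabled subnets are translated on the way out
            cmds.append(f"iptables -t nat -A POSTROUTING -s {net} -o {up} -j MASQUERADE")
        else:  # explicit egress drop instead of relying on the missing NAT rule
            cmds.append(f"iptables -I FORWARD -s {net} -o {up} -j DROP")
    # Isolation: drop routed traffic between every ordered pair of subnets.
    cmds += [f"iptables -I FORWARD -s {a} -d {b} -j DROP"
             for a in nets for b in nets if a != b]
    return cmds
```

Printing "\n".join(build_plan(POLICY)) gives a plan to review before anything touches the host; the two inter-subnet DROP rules and the private egress DROP are what the failing pings and curls in Steps 4 to 6 depend on.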


Step 4: Test Connectivity

Ping gateways:

ip netns exec ifym_public ping -c 2 10.0.1.1
ip netns exec ifym_private ping -c 2 10.0.2.1

Ping between subnets (these should fail, confirming isolation):

ip netns exec ifym_public ping -c 2 10.0.2.10
ip netns exec ifym_private ping -c 2 10.0.1.10

Step 5: Test NAT / Internet Access
# Public subnet outgoing (should succeed)
ip netns exec ifym_public curl -I https://example.com

# Private subnet outgoing (should fail)
ip netns exec ifym_private curl -I https://example.com


Step 6: Deploy a Simple App in Public Subnet
ip netns exec ifym_public python3 -m http.server 8080 &
ip netns exec ifym_public curl http://10.0.1.10:8080  # Should succeed
ip netns exec ifym_private curl http://10.0.1.10:8080 # Should fail


Step 7: Clean Teardown
python3 vpcctl.py delete --config policies/policy.json

All network namespaces, veth pairs, bridges, and firewall rules will be removed.


Conclusion

You’ve successfully:

  • Built a mini VPC on Linux
  • Created isolated subnets
  • Deployed an app in a public subnet
  • Verified NAT behavior
  • Learned how Linux networking primitives simulate cloud networking

GitHub Repository: https://github.com/miracleify/hng13-devops-stage4

Video: https://drive.google.com/file/d/1auMrzhWmLcFqPF-H2pXWvXb6bPeSF_Fv/view?usp=sharing
