Answer:
Ensure that "Source/Destination Checks" is disabled on the NAT instance.
Step-by-step explanation:
A NAT (Network Address Translation) instance is, like a bastion host, an EC2 instance that lives in your public subnet. A NAT instance, however, allows your private instances outgoing connectivity to the internet while at the same time blocking inbound traffic from the internet.
Many people configure their NAT instances to allow private instances to access the internet for important operating system updates. Patching your OS is an important part of maintaining instance-level security.
A NAT device enables instances in a private subnet to connect to the Internet or other AWS services, but prevents the Internet from initiating connections with the instances.
NAT devices do not support IPv6 traffic; use an egress-only Internet gateway instead.
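EC2 drops traffic for which the instance is neither the source nor the destination while "Source/Destination Checks" is enabled, and a NAT instance forwards exactly that kind of traffic. The following is an added example, not part of the original answer: it finds instances that a route table uses as the target of a `0.0.0.0/0` route and reports (or fixes) any that still have the check enabled. It assumes a boto3-style EC2 client; `FakeEC2` and all instance and gateway IDs are constructed so the code runs offline.

```python
def nat_instance_ids(ec2):
    """Instance IDs that a route table uses as the target for 0.0.0.0/0."""
    ids = set()
    for table in ec2.describe_route_tables()["RouteTables"]:
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") == "0.0.0.0/0" and "InstanceId" in route:
                ids.add(route["InstanceId"])
    return ids


def audit_source_dest_check(ec2, fix=False):
    """Return NAT instance IDs with the check still enabled; disable it if fix=True."""
    ids = sorted(nat_instance_ids(ec2))
    if not ids:
        return []
    offenders = []
    for reservation in ec2.describe_instances(InstanceIds=ids)["Reservations"]:
        for inst in reservation["Instances"]:
            if inst.get("SourceDestCheck", True):
                offenders.append(inst["InstanceId"])
                if fix:
                    ec2.modify_instance_attribute(
                        InstanceId=inst["InstanceId"],
                        SourceDestCheck={"Value": False},
                    )
    return sorted(offenders)


class FakeEC2:
    """Constructed stand-in for a boto3 EC2 client so the example runs offline."""
    def __init__(self):
        self.checks = {"i-0aaa": True, "i-0bbb": False, "i-0ccc": True}
    def describe_route_tables(self):
        return {"RouteTables": [
            {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0aaa"}]},
            {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0bbb"}]},
            {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
        ]}
    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [
            {"InstanceId": i, "SourceDestCheck": self.checks[i]} for i in InstanceIds]}]}
    def modify_instance_attribute(self, InstanceId, SourceDestCheck):
        self.checks[InstanceId] = SourceDestCheck["Value"]


if __name__ == "__main__":
    ec2 = FakeEC2()  # with real credentials: boto3.client("ec2")
    print("check still enabled on:", audit_source_dest_check(ec2, fix=True))
    print("after fix:", audit_source_dest_check(ec2))
```

Against a real account, pass `boto3.client("ec2")` instead of `FakeEC2()`; the example reads only the first page of each API response.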