-2

I had only one public subnet in the VPC, and added a NAT gateway to that public subnet, but I'm not able to access the instance using the NAT IP address.

1) I'm able to ping the instance with the public IP address (added ICMP to the security group), but using the NAT elastic IP address I'm not able to ping.

2) Is NAT applicable for a single public subnet or not? My goal is to translate the IP address attached to the public subnet instance.

raju

3 Answers

3

I believe you are using the wrong service for what you are trying to do.

The AWS service NAT Gateway is for routing outbound traffic from a private subnet to the internet. It does not route inbound requests.

Michael - sqlbot
  • Actually, there are different NATs. All NAT (Network Address Translation) means is that you are translating one of the network addresses (source or destination) in the packet IP header into a different network address. You are describing _inside source_ NAT, typically used with address overloading, called NAPT (Network Address Port Translation) by _[RFC 2663, IP Network Address Translator (NAT) Terminology and Considerations](https://tools.ietf.org/html/rfc2663)_. You could also have _inside destination_ or _outside source_ NAT. – Ron Maupin Jun 02 '17 at 01:48
  • @RonMaupin in AWS a NAT gateway only serves one purpose, as expressed in the first few lines of their documentation. If you review all presented examples, they only demonstrate the use of the NAT gateway to route outbound traffic from a private subnet. [AWS NAT Gateway Documentation](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html) – Kyle Finley Jun 02 '17 at 02:07
  • It may be that AWS only supports NAPT, but then your statement, "_A NAT gateway is for routing outbound traffic from a private subnet to the internet,_" should be clarified because there are NAT gateways that do other forms of NAT, too. For example, two businesses with overlapping private addresses may need to communicate or merge, and outside source NAT is particularly useful for that. Inside destination NAT allows external traffic origination that takes port forwarding (and its limitations) to use with NAPT. – Ron Maupin Jun 02 '17 at 02:12
  • I understand the various types of NATs but, I believe this question is specifically referring to the AWS service called 'NAT Gateway'. I have adjusted my wording to specify this. – Kyle Finley Jun 02 '17 at 02:39
  • This is correct. It also doesn't make sense to have a NAT Gateway when you only have one subnet in a VPC, under *any* circumstances, because a NAT Gateway provides its services to one or more private subnets, but the gateway itself must be provisioned on a public subnet. – Michael - sqlbot Jun 04 '17 at 15:10
0

Make sure you have:

  1. Internet Gateway for your VPC (docs).
  2. A public IPv4 for your instance.

NAT Gateway (docs) is used for services inside a private subnet (which is inside a VPC) to send requests from inside the subnet to the internet, with the source address being the Elastic IP.

An Internet Gateway is used by the whole VPC to establish a basic level of internet connectivity. It takes care of routing to your EC2 instances that have a public IP.

forzagreen
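As an added example (not code from any of the answers), the following offline checker evaluates constructed route-table data in the JSON shape returned by `aws ec2 describe-route-tables` (all ids and CIDRs are made up) and shows why the two checks above matter: inbound reachability needs a default route to an Internet Gateway plus a public IP on the instance itself, while a default route to a NAT Gateway only gives outbound access and the NAT Gateway's Elastic IP is never forwarded to an instance.

```python
# Constructed data in the JSON shape returned by `aws ec2 describe-route-tables`
# (assumption: all ids and CIDRs here are made up for the example).
ROUTE_TABLES = [
    {   # main table, VPC-local only: applies to any subnet without its own table
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # public subnet: default route points at the Internet Gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}],
    },
    {   # private subnet: default route points at the NAT Gateway (outbound only)
        "RouteTableId": "rtb-private",
        "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}],
    },
]


def route_table_for(subnet_id, route_tables=ROUTE_TABLES):
    """An explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnet(subnet_id, route_tables=ROUTE_TABLES):
    """'public' if the default route goes to an IGW, 'private' if to a NAT GW."""
    for route in route_table_for(subnet_id, route_tables)["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private"
    return "isolated"  # no default route at all: neither inbound nor outbound


def inbound_reachable(subnet_id, has_public_ip, route_tables=ROUTE_TABLES):
    """Inbound from the internet needs an IGW route and a public/Elastic IP on the
    instance itself; a NAT Gateway's Elastic IP is never forwarded to an instance."""
    return classify_subnet(subnet_id, route_tables) == "public" and has_public_ip
```

Replace `ROUTE_TABLES` with the real `describe-route-tables` output for your VPC to run the same classification against your own subnets.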
0

I have a solution for this: give the NAT gateway's private IP to the private server in the DNS place, then you will get internet access. If you want to test, you need to have one server with a public IP, then take remote of the 2nd (private server) and test; it will work. For any other info: https://www.youtube.com/channel/UCEYPy7Dt4UJa_UvUrsRmjoQ https://www.linkedin.com/in/mohan-reddy-79a57014b/