You may need port forwarding with a NAT Instance. Please check out NAT gateway vs NAT Instance.
Hi,
What are you trying to achieve?
If your only goal is to download content from the internet to your EC2 instance running in your private subnet, you have everything setup and ready to go.
For example, if you are on Amazon Linux and you type 'sudo yum -y install httpd', you would see all the packages getting downloaded from the internet.
If that is not your intent then please go into more details on your requirements.
"icanhazip.com" is a server on the public Internet that returns the IP address of the calling client. You are invoking it from your EC2 instance in your Private Subnet, utilizing the NAT Gateway to get to the Internet. When you run 'curl icanhazip.com' it is correctly returning the public EIP that is assigned to your NAT Gateway - which means that your NAT Gateway is properly set up.
The purpose of the NAT Gateway is to expose ONLY the public EIP address and route all traffic originating from the Private subnet(s) attached to the NAT Gateway by handling the Network Address Translation from private/public IP. Your private address space is "private". It never routes to the public Internet.
Hope this helps,
-randy
It helps, thanks. Is there a solution to deploy in AWS that is similar to a 1-to-1 NAT?
I need an instance in my private subnet to be able to transmit data to a server somewhere else and then receive data back to the EC2 instance's address where my software is running.
Hi,
If I am understanding correctly, that is what you currently have set up. The NAT basically will restrict Internet-originating connections into your EC2 instance, which protects it from general attacks from the Internet. However, with a NAT Gateway in place, your EC2 can initiate, for example, a REST API call to any server on the Internet, and the data from that REST API call will be auto-routed back to your EC2 instance in your private subnet through the NAT Gateway without the server on the Internet needing to know what the private IP address is for that EC2 instance.
Are you saying that you need to send something asynchronously to the public Internet, and then, in a different connection session sometime in the future, the server on the public Internet will need to establish a connection directly back to your EC2 instance in your private subnet so that it can send back to the EC2 instance? If yes, that is not possible. The definition of a private subnet is that the public Internet has no direct route (ingress) into your private subnet. If this is your use case, your EC2 has to be in a public subnet with a direct route to an Internet Gateway, which will allow you to establish connections both outbound to the Internet and inbound from the Internet.
-randy
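A small model of the two behaviours described in this thread, added here as an illustration; it is not AWS code and was not posted by anyone in the thread. It shows stateful source NAT (what the NAT Gateway does for the REST-call round trip randy describes, and why icanhazip.com reports the gateway's EIP), the drop of an unsolicited inbound connection (why a server cannot connect back later), and an optional static port-forward table standing in for the iptables DNAT rule a self-managed NAT instance can carry but a managed NAT Gateway cannot. The `Nat` and `Packet` names and every address and port are constructed for the example.

```python
"""Toy stateful NAT with optional port forwarding.

Added example, not AWS code or anything posted in the thread. All IP addresses,
ports and packets are constructed sample values.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# A flow is identified by (src_ip, src_port, dst_ip, dst_port).
Flow = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


@dataclass
class Nat:
    eip: str                       # public Elastic IP assigned to the NAT device
    next_port: int = 1024          # next free public source port to hand out
    # outbound table: private flow -> public source port used on the Internet side
    snat: Dict[Flow, int] = field(default_factory=dict)
    # reverse table: (eip, public port, remote ip, remote port) -> private (ip, port)
    rsnat: Dict[Flow, Tuple[str, int]] = field(default_factory=dict)
    # static DNAT rules: public port on the EIP -> private (ip, port).
    # A NAT instance can add these with iptables; a managed NAT Gateway has none.
    dnat: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Private subnet -> Internet: rewrite the source to the EIP, track the flow."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.snat:
            self.snat[key] = self.next_port
            self.rsnat[(self.eip, self.next_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
            self.next_port += 1
        # The remote server only ever sees the EIP, never the 10.x address.
        return Packet(self.eip, self.snat[key], pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> EIP: deliver replies to tracked flows or DNAT hits, else drop."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.rsnat:
            priv_ip, priv_port = self.rsnat[key]
            return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)
        if pkt.dst_ip == self.eip and pkt.dst_port in self.dnat:
            priv_ip, priv_port = self.dnat[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)
        return None  # unsolicited: there is no route into the private subnet


def rest_call_round_trip(nat: Nat) -> Tuple[Packet, Optional[Packet]]:
    """The thread's scenario: a private EC2 instance calls an API and gets the reply."""
    request = nat.outbound(Packet("10.0.1.25", 50000, "203.0.113.10", 443, "GET /"))
    reply = nat.inbound(Packet("203.0.113.10", 443, request.src_ip, request.src_port, "200 OK"))
    return request, reply


def unsolicited_inbound(nat: Nat) -> Optional[Packet]:
    """A server on the Internet trying to open a new connection to the EIP later."""
    return nat.inbound(Packet("198.51.100.7", 40000, nat.eip, 22, "SYN"))


if __name__ == "__main__":
    gw = Nat(eip="198.51.100.1")
    req, rep = rest_call_round_trip(gw)
    print("server sees source:", req.src_ip, req.src_port)   # the EIP, like icanhazip.com
    print("reply delivered to:", rep.dst_ip, rep.dst_port)    # back to 10.0.1.25:50000
    print("unsolicited inbound:", unsolicited_inbound(gw))    # None: dropped
```

Running the module prints the EIP as the source the API server sees, the reply mapped back to the private address, and `None` for the unsolicited connection. Adding `gw.dnat[8080] = ("10.0.1.25", 80)` is the NAT-instance port-forwarding case from the first answer: that one port is reachable from outside, nothing else is.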
I too have a similar issue. I would like to have a public IP on the EC2 routing out via an internet gateway. I do not want my traffic NATed, but I want it routed. My question is