Why does NAT GW get two IP address EIP and Private IP Address

Question

Hi

I need some help in understanding the use case of Elastic IP Address and Private IP Address that gets assigned to the NAT GW.

1- When a NAT GW is launched, it gets two IPs Elastic IP Address and Private IP Address. What IP does it use as the SRC IP when it forwards the traffic to the Internet Gateway. From Documentation "The NAT gateway sends the traffic to the internet gateway, using its Elastic IP address as the source IP address."

2- What IP [EIP or Private IP] does the Internet Gateway use for translation? From Documentation: "For communication using IPv4, the internet gateway also performs network address translation (NAT)"

If I try to combine above points then does Internet Gateway translate the EIP of the NAT GW to a publicly routable address as the src before sending it out on the internet?

SO · Answer

To add some explanation to the above blog, when the packet reaches NAT-GW, The NAT-GW translates the source IP address to its private IP address then it forwards the packet to IGW. When the packet reaches the IGW, it performs another source IP translation where it uses the EIP, that's associated with the NAT-GW, as the packet source IP.

Tushar_J · Answer

I suggest to check this [blog](https://aws.amazon.com/blogs/networking-and-content-delivery/attach-multiple-ips-to-a-nat-gateway-to-scale-your-egress-traffic-pattern/), it explains the packet flow and how the Source IP gets changed at each hop. See the below statement and the diagram along with the table showing packet flow.

> AWS NAT Gateways performs Port Address Translation. AWS NAT Gateways performs source-NAT, and translates the IP address of the source with its private IP address. Then, the Internet Gateway (IGW) translates the private IP address of the NAT Gateway to the Elastic IP address associated with the NAT Gateway

Why does NAT GW get two IP address EIP and Private IP Address

Relevant content