
EC2 instance in private subnet shows IPv4 address of NAT instance

0

I need to go out to the internet from the private subnet EC2 instance to get data and then have it transmit back to the EC2 instance in the private subnet.

If I do curl icanhazip.com from the private subnet, I get the public IPv4 address of the NAT instance -- 3.81.xx.xx.

How can I get it to translate back to the private subnet address of 10.26.xx.xx?

I already tried assigning an Elastic IP (3.86.xx.xx) to the EC2 instance in the private subnet.

asked 3 years ago, 134 views
4 Answers
0

Hi,
What are you trying to achieve?

If your only goal is to download content from the internet to your EC2 instance running in your private subnet, you have everything set up and ready to go.

For example, if you are on Amazon Linux and you type 'sudo yum -y install httpd', you would see all the packages getting downloaded from the internet.

If that is not your intent then please go into more details on your requirements.
"icanhazip.com" is a server on the public Internet that returns the IP address of the calling client. You are invoking it from your EC2 instance in your Private Subnet, utilizing the NAT Gateway to get to the Internet. When you run 'curl icanhazip.com' it is correctly returning the public EIP that is assigned to your NAT Gateway - which means that your NAT Gateway is properly set up.

The purpose of the NAT Gateway is to expose ONLY the public EIP address and route all traffic originating from the Private subnet(s) attached to the NAT Gateway by handling the Network Address Translation from private/public IP. Your private address space is "private". It never routes to the public Internet.

Hope this helps,
-randy

answered 3 years ago
0

It helps, thanks. Is there a solution to deploy in AWS that is similar to a 1-to-1 NAT?

I need an instance in my private subnet to be able to transmit data to a server somewhere else and then receive data back to the EC2 instances address where my software is running.

answered 3 years ago
0

Hi,
If I am understanding correctly, that is what you currently have set up. The NAT basically will restrict Internet-originating connections into your EC2 instance, which protects it from general attacks from the Internet. However, with a NAT Gateway in place, your EC2 can initiate, for example, a REST API call to any server on the Internet, and the data from that REST API call will be auto-routed back to your EC2 instance in your private subnet through the NAT Gateway without the server on the Internet needing to know what the private IP address is for that EC2 instance.

Are you saying that you need to send something asynchronously to the public Internet, and then in a different connection session sometime in the future, the server on the public Internet will need to establish a connection directly back to your EC2 instance in your private subnet so that it can send back to the EC2 instance? If yes, that is not possible. The definition of a private subnet is that the public Internet has no direct route (ingress) into your private subnet. If this is your use case, your EC2 has to be in a public subnet with a direct route to an Internet Gateway, which will allow you to establish connections both outbound to the Internet and inbound from the Internet.

-randy

answered 3 years ago
0

You may need port forwarding with a NAT Instance. Please check out "NAT gateway vs NAT Instance".

answered 9 months ago
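The two points the answers make (randy's explanation that the far end only ever sees the NAT's EIP and that replies to connections the instance opened are mapped back to it, and the last answer's note that unsolicited inbound traffic needs a port-forward rule on a NAT instance) come down to one mechanism: a connection-tracking table on the NAT device. The following is an added illustration, not code from the thread or from AWS; it models that table in Python so you can watch the source address get rewritten on the way out, the reply get un-rewritten on the way back, and an unsolicited inbound packet get dropped unless a static forward exists. The addresses (10.26.1.10, 3.81.0.1, 203.0.113.5) are constructed stand-ins for the masked values in the question.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed sample addresses. The thread masks its octets (3.81.xx.xx,
# 10.26.xx.xx), so every value here is an assumption, not the asker's network.
PRIVATE_HOST = "10.26.1.10"    # EC2 instance in the private subnet (assumed)
NAT_PUBLIC_IP = "3.81.0.1"     # Elastic IP on the NAT device (assumed)
REMOTE_SERVER = "203.0.113.5"  # TEST-NET-3 address standing in for icanhazip.com


@dataclass(frozen=True)
class Packet:
    """Only the header fields a NAT device rewrites or matches on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class Nat:
    """Toy source NAT with connection tracking plus optional static port forwards."""
    public_ip: str
    next_public_port: int = 1024
    # outbound 4-tuple -> public port the NAT picked for it
    out_map: Dict[Tuple[str, int, str, int], int] = field(default_factory=dict)
    # (remote_ip, remote_port, public_port) -> original (private_ip, private_port)
    in_map: Dict[Tuple[str, int, int], Tuple[str, int]] = field(default_factory=dict)
    # public_port -> (private_ip, private_port): the port-forward ("1-to-1") rules
    forwards: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    def add_port_forward(self, public_port: int, private_ip: str, private_port: int) -> None:
        """Static DNAT rule: unsolicited traffic to public_port goes to one private host."""
        self.forwards[public_port] = (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> Internet: swap the private source for the public IP and a
        NAT-chosen port, remembering the mapping so the reply can be undone."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self.out_map.get(key)
        if public_port is None:
            public_port = self.next_public_port
            self.next_public_port += 1
            self.out_map[key] = public_port
            self.in_map[(pkt.dst_ip, pkt.dst_port, public_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> private: only a reply to a tracked connection, or traffic
        matching a static forward, is translated; anything else is dropped (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        original = self.in_map.get((pkt.src_ip, pkt.src_port, pkt.dst_port))
        if original is not None:
            return Packet(pkt.src_ip, pkt.src_port, original[0], original[1], pkt.proto)
        forward = self.forwards.get(pkt.dst_port)
        if forward is not None:
            return Packet(pkt.src_ip, pkt.src_port, forward[0], forward[1], pkt.proto)
        return None


def source_seen_by_remote(nat: Nat) -> str:
    """What a 'curl icanhazip.com' style request looks like from the far end."""
    return nat.outbound(Packet(PRIVATE_HOST, 40000, REMOTE_SERVER, 80)).src_ip


def reply_destination(nat: Nat) -> Optional[str]:
    """The reply to an outbound request is mapped back to the private address."""
    request = nat.outbound(Packet(PRIVATE_HOST, 40001, REMOTE_SERVER, 80))
    reply = Packet(REMOTE_SERVER, 80, request.src_ip, request.src_port)
    translated = nat.inbound(reply)
    return None if translated is None else translated.dst_ip


def unsolicited_destination(nat: Nat, public_port: int) -> Optional[str]:
    """A brand-new connection from the Internet has no conntrack entry to follow."""
    translated = nat.inbound(Packet(REMOTE_SERVER, 51515, nat.public_ip, public_port))
    return None if translated is None else translated.dst_ip


if __name__ == "__main__":
    nat = Nat(public_ip=NAT_PUBLIC_IP)
    print("remote sees source:   ", source_seen_by_remote(nat))         # 3.81.0.1
    print("reply delivered to:   ", reply_destination(nat))             # 10.26.1.10
    print("unsolicited to 8080:  ", unsolicited_destination(nat, 8080))  # None
    nat.add_port_forward(8080, PRIVATE_HOST, 8080)
    print("after forward rule:   ", unsolicited_destination(nat, 8080))  # 10.26.1.10
```

The private 10.26.x.x address never appears in any packet that leaves `outbound()`, which is why asking icanhazip.com "what is my address" can only ever return the EIP. The `forwards` table is the part a NAT Gateway does not offer and a self-managed NAT instance can; note that a forward rule deliberately reopens a path from the Internet to one private host and port, so it should be restricted to the exact source ranges and ports the remote server needs.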
