EC2 instance in private subnet shows IPv4 address of NAT instance

0

I need to go out to the internet from the private subnet EC2 instance to get data and then have it transmit back to the EC2 instance in the private subnet.

If I do curl icanhazip.com from private subnet, I get the public IPv4 address of the NAT instance -- 3.81.xx.xx.

How can I get it to translate back to the private subnet address of 10.26.xx.xx?

I already tried assigning an Elastic IP (3.86.xx.xx) to the EC2 instance in the private subnet.

asked 5 years ago, 1226 views
4 Answers
0

You may need port forwarding with a NAT instance. Please check out NAT gateway vs NAT Instance.

SMA
answered 2 years ago
  • I too have a similar issue. I would like to have a public IP on the EC2 routing out via an internet gateway. I do not want my traffic NATted, but I want it routed. My questions are:

    1. How does one get a public subnet on their VPC?
    2. How to route it out? What am I trying to achieve? I have set up a Mikrotik CHR and I want to set up an EoIP tunnel; please note that I don't want to set up a VPN. For the EoIP to work I have to put a source public IP address and a destination IP. The source public IP has to be on the actual interface.
0

Hi,
What are you trying to achieve?

If your only goal is to download content from the internet to your EC2 instance running in your private subnet, you have everything setup and ready to go.

For example, if you are on Amazon Linux and you type 'sudo yum -y install httpd', you would see all the packages getting downloaded from the internet.

If that is not your intent then please go into more details on your requirements.
"icanhazip.com" is a server on the public Internet that returns the IP address of the calling client. You are invoking it from your EC2 instance in your Private Subnet, utilizing the NAT Gateway to get to the Internet. When you run 'curl icanhazip.com' it is correctly returning the public EIP that is assigned to your NAT Gateway, which means that your NAT Gateway is properly set up.

The purpose of the NAT Gateway is to expose ONLY the public EIP address and route all traffic originating from the Private subnet(s) attached to the NAT Gateway by handling the Network Address Translation from private/public IP. Your private address space is "private". It never routes to the public Internet.

Hope this helps,
-randy

EXPERT
answered 5 years ago
0

It helps, thanks. Is there a solution to deploy in AWS that is similar to a 1-to-1 NAT?

I need an instance in my private subnet to be able to transmit data to a server somewhere else and then receive data back to the EC2 instances address where my software is running.

answered 5 years ago
0

Hi,
If I am understanding correctly, that is what you currently have set up. The NAT basically will restrict Internet-originating connections into your EC2 instance, which protects it from general attacks from the Internet. However, with a NAT Gateway in place, your EC2 can initiate, for example, a REST API call to any server on the Internet, and the data from that REST API call will be auto-routed back to your EC2 instance in your private subnet through the NAT Gateway without the server on the Internet needing to know what the private IP address is for that EC2 instance.

Are you saying that you need to send something asynchronously to the public Internet, and then in a different connection session sometime in the future, the server on the public Internet will need to establish a connection directly back to your EC2 instance in your private subnet so that it can send back to the EC2 instance? If yes, that is not possible. The definition of a private subnet is that the public Internet has no direct route (ingress) into your private subnet. If this is your use case, your EC2 has to be in a public subnet with a direct route to an Internet Gateway, which will allow you to establish connections both outbound to the Internet and inbound from the Internet.

-randy

EXPERT
answered 5 years ago
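The distinction randy draws above (private subnet = default route through a NAT gateway or NAT instance, outbound only; public subnet = default route through an internet gateway, inbound possible when a public/Elastic IP is attached) is decided entirely by the subnet's route table. The following script, an added example that is not part of this thread or of any AWS tooling, classifies subnets from route-table descriptions in the shape returned by the `describe-route-tables` API. The route tables and resource ids below are constructed inline so it runs offline; to audit a real VPC you would feed it the `RouteTables` list from boto3 instead.

```python
"""Classify VPC subnets as public, private or isolated from their route tables.

Added example, not code from the original thread. The input shape mirrors the
`RouteTables` list returned by EC2 describe-route-tables (boto3/AWS CLI), but
the data below is CONSTRUCTED so the script runs without AWS access.
"""
from typing import Dict, List, Optional

# Constructed sample route tables; the ids are placeholders, not real resources.
SAMPLE_ROUTE_TABLES: List[dict] = [
    {   # Default route to a NAT gateway: the classic "private subnet".
        "RouteTableId": "rtb-private-example",
        "Associations": [{"SubnetId": "subnet-private-example"}],
        "Routes": [
            {"DestinationCidrBlock": "10.26.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789example", "State": "active"},
        ],
    },
    {   # Default route to an internet gateway: a "public subnet".
        "RouteTableId": "rtb-public-example",
        "Associations": [{"SubnetId": "subnet-public-example"}],
        "Routes": [
            {"DestinationCidrBlock": "10.26.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789example", "State": "active"},
        ],
    },
    {   # Default route to a NAT *instance*: the target is an instance/ENI, still private.
        "RouteTableId": "rtb-natinstance-example",
        "Associations": [{"SubnetId": "subnet-natinstance-example"}],
        "Routes": [
            {"DestinationCidrBlock": "10.26.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0123456789example",
             "NetworkInterfaceId": "eni-0123456789example", "State": "active"},
        ],
    },
    {   # No default route at all: no Internet egress or ingress.
        "RouteTableId": "rtb-isolated-example",
        "Associations": [{"SubnetId": "subnet-isolated-example"}],
        "Routes": [
            {"DestinationCidrBlock": "10.26.0.0/16", "GatewayId": "local", "State": "active"},
        ],
    },
]


def default_route_target(route_table: dict) -> Optional[str]:
    """Return the target id of the active 0.0.0.0/0 route, or None if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":  # blackholed routes do not count
            continue
        # The target id lives under a key that depends on the target type.
        for key in ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId"):
            if route.get(key):
                return route[key]
    return None


def classify_subnet(route_table: dict) -> str:
    """'public'   : default route via an internet gateway (igw-); inbound connections
                    are possible once the instance has a public/Elastic IP.
       'private'  : default route via a NAT gateway (nat-) or NAT instance (i-/eni-);
                    outbound only, replies return over the same connection and the
                    Internet only ever sees the NAT's EIP.
       'isolated' : no default route at all.
       'unknown'  : default route to something else (e.g. a virtual private gateway)."""
    target = default_route_target(route_table)
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith(("nat-", "i-", "eni-")):
        return "private"
    return "unknown"


def audit(route_tables: List[dict]) -> Dict[str, str]:
    """Map every explicitly associated subnet id to its classification."""
    result: Dict[str, str] = {}
    for table in route_tables:
        kind = classify_subnet(table)
        for assoc in table.get("Associations", []):
            subnet = assoc.get("SubnetId")
            if subnet:
                result[subnet] = kind
    return result


if __name__ == "__main__":
    for subnet_id, kind in audit(SAMPLE_ROUTE_TABLES).items():
        print(f"{subnet_id}: {kind}")
```

Subnets without an explicit association fall back to the VPC's main route table, which this script does not resolve; for a full audit you would also look at the `Main: true` association. The useful takeaway for the original question is that assigning an Elastic IP to an instance changes nothing while its subnet still classifies as `private`: the 0.0.0.0/0 route, not the address, decides whether the Internet can reach the instance directly.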
