01. Private EC2 → NAT Gateway → IGW (IPv4 Flow)
Prerequisites
- EC2
- NAT Gateway
- IGW
- Subnet
- Route Table
1. What we need
- Private EC2 (No Public IP)
- Private Route Table
- NAT Gateway (Located in Public Subnet)
- Public Route Table
- Internet Gateway (IGW)
2. Example
Step 1 — Request from Private EC2
Private EC2 (10.0.2.15) → External server (8.8.8.8)
Source: 10.0.2.15
Destination: 8.8.8.8
Step 2 — Private Route Table
10.0.0.0/16 → local
0.0.0.0/0 → NAT Gateway
👉 Traffic for any destination outside the VPC matches 0.0.0.0/0 and is routed to the NAT Gateway
Step 3 — NAT Gateway (Core)
Performs source address translation (NAT): the private source IP is replaced with the NAT Gateway's Elastic IP
Before:
Source: 10.0.2.15
After:
Source: 3.25.100.10 (Elastic IP)
Step 4 — Public Route Table
10.0.0.0/16 → local
0.0.0.0/0 → Internet Gateway
👉 The translated packet leaves the public subnet through the Internet Gateway
Step 5 — Internet Gateway → Internet
Traffic is sent to external destination (8.8.8.8)
Step 6 — Response Flow
Internet (8.8.8.8)
→ IGW
→ NAT Gateway
→ Private EC2 (10.0.2.15)
3. Full Flow (One Line)
Private EC2 (10.0.2.15)
→ Private Route Table (0.0.0.0/0 → NAT)
→ NAT Gateway (translated to 3.25.100.10)
→ Public Route Table (0.0.0.0/0 → IGW)
→ Internet Gateway
→ Internet
4. Why is a NAT Gateway Needed?
🔸 Keeps the subnet private
- No public IP is assigned to the instance
- Smaller attack surface: the instance is not directly reachable from the Internet
🔸 Outbound only
- Instances can initiate requests to the Internet
- Unsolicited inbound connections are not accepted; only replies to an existing outbound flow are passed back
🔸 IP masking
- The instance's private IP never appears on the Internet
- Only the NAT Gateway's Elastic IP is visible externally
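To make Steps 2 to 6 and the "outbound only" property above concrete, here is an added simulation (example code written for this post, not anything from AWS) of the two route tables, the source NAT with a connection-tracking table, and the return path. It reuses the post's addresses (10.0.2.15, 3.25.100.10, 8.8.8.8); the port numbers and the unsolicited sender 203.0.113.7 are constructed for the example, and the NAT Gateway's real port-allocation and timeout behaviour is simplified to an in-memory dictionary.

```python
"""Simulation of Private EC2 -> NAT Gateway -> IGW (IPv4) and the reply path.

Added example, not AWS code. Route tables mirror the post; the NAT state
table is a simplified stand-in for the gateway's connection tracking.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


# Route tables from the post as (CIDR, target). The longest matching prefix
# wins, which is how 10.0.0.0/16 -> local beats 0.0.0.0/0 for VPC-internal traffic.
PRIVATE_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-gateway")]
PUBLIC_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "internet-gateway")]


def lookup(route_table, dst):
    """Return the target of the most specific route for dst, or None if no route."""
    ip = ipaddress.ip_address(dst)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


class NatGateway:
    """Source NAT (Step 3) with a flow table that only admits replies."""

    def __init__(self, elastic_ip):
        self.eip = elastic_ip
        self.next_port = 1024  # constructed starting port for translated flows
        self.outbound = {}  # (src, sport, dst, dport) -> translated source port
        self.inbound = {}   # (remote ip, remote port, translated port) -> (src, sport)

    def translate_out(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[(pkt.dst, pkt.dport, self.next_port)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(self.eip, pkt.dst, self.outbound[key], pkt.dport)

    def translate_in(self, pkt):
        """Map a reply back to the private instance; drop anything unsolicited."""
        if pkt.dst != self.eip:
            return None
        entry = self.inbound.get((pkt.src, pkt.sport, pkt.dport))
        if entry is None:
            return None  # no matching outbound flow: outbound-only behaviour
        src, sport = entry
        return Packet(pkt.src, src, pkt.sport, sport)


def outbound_path(pkt, nat):
    """Steps 1-5: list of (hop, packet-as-seen-at-that-hop)."""
    hops = [("private-ec2", pkt)]
    target = lookup(PRIVATE_RT, pkt.dst)
    if target == "local":
        return hops + [("local", pkt)]
    if target != "nat-gateway":
        raise RuntimeError(f"no route for {pkt.dst}")
    translated = nat.translate_out(pkt)
    hops.append(("nat-gateway", translated))
    if lookup(PUBLIC_RT, translated.dst) != "internet-gateway":
        raise RuntimeError("public route table has no default route to the IGW")
    hops.append(("internet-gateway", translated))
    return hops


def inbound_path(pkt, nat):
    """Step 6: a packet arriving from the Internet via the IGW at the NAT Gateway."""
    hops = [("internet-gateway", pkt)]
    back = nat.translate_in(pkt)
    if back is None:
        hops.append(("nat-gateway", None))  # dropped
        return hops
    hops.append(("nat-gateway", back))
    hops.append(("private-ec2", back))
    return hops


if __name__ == "__main__":
    gw = NatGateway("3.25.100.10")
    request = Packet("10.0.2.15", "8.8.8.8", 40000, 53)
    for hop, p in outbound_path(request, gw):
        print(f"{hop:18} {p}")
    reply = Packet("8.8.8.8", "3.25.100.10", 53, 1024)
    for hop, p in inbound_path(reply, gw):
        print(f"{hop:18} {p}")
    # Constructed unsolicited inbound attempt: no flow entry, so it is dropped.
    stray = Packet("203.0.113.7", "3.25.100.10", 4444, 22)
    print(inbound_path(stray, gw))
```

Running the script prints the request as seen at each hop (source 10.0.2.15 until the NAT Gateway, 3.25.100.10 from there on), the reply translated back to 10.0.2.15, and the stray packet stopping at the NAT Gateway with no onward hop, which is the "outbound only" point of section 4 in code.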
This post is licensed under CC BY 4.0 by the author.
