01. Private EC2 → NAT Gateway → IGW (IPv4 Flow)

Prerequisites

- EC2
- NAT Gateway
- IGW
- Subnet
- Route Table

1. What we need

  • Private EC2 (No Public IP)
  • Private Route Table
  • NAT Gateway (Located in Public Subnet)
  • Public Route Table
  • Internet Gateway (IGW)

2. Example

Step 1 — Request from Private EC2

Private EC2 (10.0.2.15) → External server (8.8.8.8)

Source: 10.0.2.15
Destination: 8.8.8.8

Step 2 — Private Route Table

10.0.0.0/16 → local
0.0.0.0/0 → NAT Gateway

👉 External traffic is routed to NAT Gateway

Step 3 — NAT Gateway (Core)

Performs source IP translation (NAT)

Before:
Source: 10.0.2.15

After:
Source: 3.25.100.10 (Elastic IP)

Step 4 — Public Route Table

10.0.0.0/16 → local
0.0.0.0/0 → Internet Gateway

👉 Forwarded to IGW

Step 5 — Internet Gateway → Internet

Traffic is sent to the external destination (8.8.8.8)

Step 6 — Response Flow

Internet (8.8.8.8)
→ IGW
→ NAT Gateway
→ Private EC2 (10.0.2.15)

3. Full Flow (One Line)

(Figure: aws-ex01-01)

Private EC2 (10.0.2.15)
→ Private Route Table (0.0.0.0/0 → NAT)
→ NAT Gateway (translated to 3.25.100.10)
→ Public Route Table (0.0.0.0/0 → IGW)
→ Internet Gateway
→ Internet
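To make the flow above concrete, here is an added example (not from the original post) that models the two route tables with longest-prefix matching and a NAT gateway that rewrites the source to the Elastic IP, records the flow in a translation table, and maps the reply back. The port numbers, the connection-tracking model and the unsolicited inbound packet are assumptions for illustration; the addresses are the post's example values.

```python
import ipaddress

# Sample values from the post's example (constructed for this demo)
PRIVATE_EC2 = "10.0.2.15"
ELASTIC_IP = "3.25.100.10"
EXTERNAL = "8.8.8.8"
PRIVATE_RT = {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-gateway"}
PUBLIC_RT = {"10.0.0.0/16": "local", "0.0.0.0/0": "internet-gateway"}


def lookup(route_table, dst_ip):
    """Longest-prefix match, the way a VPC route table selects its target."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(p), t) for p, t in route_table.items()
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


class NatGateway:
    """Simplified (hypothetical) source NAT with a connection-tracking table."""
    def __init__(self, elastic_ip):
        self.elastic_ip = elastic_ip
        self.conntrack = {}  # (nat_port, remote_ip, remote_port) -> (inner_ip, inner_port)
        self.next_port = 1024

    def outbound(self, pkt):
        """Step 3: rewrite the private source to the Elastic IP and record the flow."""
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(nat_port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.elastic_ip, "sport": nat_port}

    def inbound(self, pkt):
        """Step 6: map a reply back to the private instance; drop anything unsolicited."""
        inner = self.conntrack.get((pkt["dport"], pkt["src"], pkt["sport"]))
        if inner is None:
            return None  # no outbound flow opened this, so inbound-initiated traffic is dropped
        return {**pkt, "dst": inner[0], "dport": inner[1]}


def send_and_reply(nat, src, sport, dst, dport):
    """Run Steps 2-6 and return (route targets taken, source seen externally, reply at EC2)."""
    pkt = {"src": src, "sport": sport, "dst": dst, "dport": dport}
    hops = [lookup(PRIVATE_RT, pkt["dst"])]            # Step 2: private route table
    if hops[-1] == "nat-gateway":
        pkt = nat.outbound(pkt)                         # Step 3: translate source
        hops.append(lookup(PUBLIC_RT, pkt["dst"]))      # Step 4: public route table
    # Steps 5-6: the external server answers the Elastic IP; the NAT maps it back
    reply = {"src": pkt["dst"], "sport": pkt["dport"], "dst": pkt["src"], "dport": pkt["sport"]}
    return hops, pkt["src"], nat.inbound(reply)
```

The last assertion-style check worth running is an inbound packet to the Elastic IP with no prior outbound flow: `inbound()` returns `None`, which is the "Outbound Only" property described below.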

4. Why Is a NAT Gateway Needed?

🔸 Keeps the Subnet Private

  • No Public IP required
  • Improved security: the instance is not directly reachable from the Internet

🔸 Outbound Only

  • Can send requests to the Internet
  • Cannot receive connections initiated from the Internet

🔸 IP Masking

  • The instance's private IP is hidden
  • Only the Elastic IP is visible externally

This post is licensed under CC BY 4.0 by the author.