
NAT

Basics

  • NAT stands for Network Address Translation
  • Remapping or rewriting of source or destination IP addresses as packets pass through a routing device
  • An Internet Gateway performs static NAT: a fixed 1:1 mapping that rewrites an instance's private IP address to its public (or Elastic) IP on the way out, and back again on the way in
  • IP masquerading (many-to-one NAT) hides a whole private CIDR behind one public IP. Each outbound flow is given its own source port on that IP, and the mapping is kept so the reply can be translated back
  • This gives the private CIDR range outgoing internet access. The other way around, i.e. incoming access to multiple private IP addresses through one public IP, does not work: an inbound packet with no existing mapping has nowhere to go and is dropped
  • In AWS we can use NAT Instances (EC2 instances configured to do NAT) or a NAT Gateway (managed service)
  • A NAT Gateway runs in a public subnet and uses an Elastic IP; private subnets reach it through a default route (0.0.0.0/0) in their route table
  • It is an AZ-resilient service, not a region-resilient one: a NAT Gateway lives in a single AZ. For region resilience, deploy one NAT Gateway in each AZ and point each AZ's private subnets at the gateway in their own AZ; otherwise an AZ failure also takes down outbound access for subnets in the other AZs
  • It scales to 45 Gbps and is billed per hour of operation plus a per-GB charge for data processed
  • An EC2 instance by default drops any traffic for which it is neither the source nor the destination (the source/destination check). For an EC2 instance to operate as a NAT Instance, that check must be disabled on its network interface, and IP forwarding plus masquerading must be enabled in the guest OS
  • NAT Gateways do not support Security Groups. NACLs, which apply to the subnet the gateway sits in, are supported
  • NAT Gateways are not required for, and do not work with, IPv6: IPv6 addresses are publicly routable and need no translation. An Egress-only Internet Gateway is used to give IPv6 addresses outbound-only access; it allows connections initiated from inside the VPC and blocks unsolicited inbound ones
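As an added illustration, not part of the original notes, the following Python models the two kinds of NAT in the list above: the Internet Gateway's 1:1 static NAT, a NAT Instance's many-to-one masquerading with its flow table (which is why replies get back in but unsolicited inbound traffic is dropped), and the EC2 source/destination check that must be disabled before forwarding works. All class and function names, IP addresses (RFC 5737 documentation ranges) and ports are constructed for the example.

```python
from dataclasses import dataclass, replace
import ipaddress


@dataclass(frozen=True)
class Packet:
    """Just the 5-tuple: enough to show which fields each NAT rewrites."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StaticNat:
    """Internet Gateway behaviour: a fixed 1:1 map private IP <-> public IP."""

    def __init__(self, mapping):
        self.priv_to_pub = dict(mapping)
        self.pub_to_priv = {pub: priv for priv, pub in mapping.items()}

    def outbound(self, pkt):
        pub = self.priv_to_pub.get(pkt.src)
        return replace(pkt, src=pub) if pub else None   # no public IP: no exit

    def inbound(self, pkt):
        priv = self.pub_to_priv.get(pkt.dst)
        return replace(pkt, dst=priv) if priv else None


class Masquerader:
    """Many-to-one SNAT: a private CIDR hides behind one address (hide_ip).
    Each outbound flow gets its own port on hide_ip; the mapping is stored so
    the reply can be rewritten back. Inbound packets with no mapping are dropped."""

    def __init__(self, private_cidr, hide_ip, first_port=1024, last_port=65535):
        self.cidr = ipaddress.ip_network(private_cidr)
        self.hide_ip = hide_ip
        self.next_port, self.last_port = first_port, last_port
        self.by_port = {}   # (proto, hide port) -> original flow 5-tuple
        self.by_flow = {}   # original flow 5-tuple -> hide port

    def outbound(self, pkt):
        """Private -> Internet: new source IP and port, mapping remembered."""
        if ipaddress.ip_address(pkt.src) not in self.cidr:
            return None
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self.by_flow.get(flow)
        if port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("NAT port pool exhausted")
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_flow[flow] = port
            self.by_port[(pkt.proto, port)] = flow
        return replace(pkt, src=self.hide_ip, sport=port)

    def inbound(self, pkt):
        """Internet -> private: only a reply to a known flow is forwarded."""
        flow = self.by_port.get((pkt.proto, pkt.dport)) if pkt.dst == self.hide_ip else None
        if flow is None:
            return None   # unsolicited: no mapping, dropped
        _, priv_ip, priv_port, remote_ip, remote_port = flow
        if (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None   # not the endpoint this port was opened towards
        return replace(pkt, dst=priv_ip, dport=priv_port)


class NatInstance:
    """EC2 instance running the masquerader on its private IP. The source/
    destination check (on by default) drops any packet the instance neither
    sent nor is addressed to; forwarded traffic is exactly that, both ways."""

    def __init__(self, private_ip, private_cidr, source_dest_check=True):
        self.ip = private_ip
        self.masq = Masquerader(private_cidr, private_ip)
        self.source_dest_check = source_dest_check

    def _eni_accepts(self, pkt):
        return not self.source_dest_check or self.ip in (pkt.src, pkt.dst)

    def forward_out(self, pkt):
        """Packet from a private host, to be sent on towards the IGW."""
        return self.masq.outbound(pkt) if self._eni_accepts(pkt) else None

    def forward_in(self, pkt):
        """Packet from the IGW (dst already rewritten to our private IP)."""
        if not self._eni_accepts(pkt):
            return None
        fwd = self.masq.inbound(pkt)
        # After un-NAT the packet is remote -> private host: neither address
        # is ours, so the check also drops it on the way out.
        return fwd if fwd and self._eni_accepts(fwd) else None


def send_out(nat, igw, pkt):
    """Private host -> NAT instance (masquerade) -> IGW (static NAT) -> Internet."""
    p = nat.forward_out(pkt)
    return igw.outbound(p) if p else None


def send_in(nat, igw, pkt):
    """Internet -> IGW (static NAT) -> NAT instance (un-masquerade) -> private host."""
    p = igw.inbound(pkt)
    return nat.forward_in(p) if p else None


def demo(source_dest_check=False):
    """Two private hosts talk out, one reply comes back, one unsolicited packet is dropped."""
    igw = StaticNat({"10.0.0.10": "203.0.113.5"})   # constructed: NAT instance's Elastic IP
    nat = NatInstance("10.0.0.10", "10.0.1.0/24", source_dest_check)
    req = send_out(nat, igw, Packet("10.0.1.20", 40000, "198.51.100.7", 443))
    req2 = send_out(nat, igw, Packet("10.0.1.21", 40000, "198.51.100.7", 443))
    reply = send_in(nat, igw, Packet("198.51.100.7", 443, "203.0.113.5", 1024))
    unsolicited = send_in(nat, igw, Packet("198.51.100.7", 5555, "203.0.113.5", 22))
    return {"request": req, "request2": req2, "reply": reply, "unsolicited": unsolicited}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:12} {pkt}")
```

Running `demo()` shows both private hosts leaving as 203.0.113.5 on different ports, the reply to port 1024 being mapped back to 10.0.1.20:40000, and the packet to port 22 being dropped because no outbound flow ever created a mapping for it. Calling `demo(source_dest_check=True)` returns `None` for every packet, which is the symptom you see on a would-be NAT Instance before the source/destination check is disabled.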