NAT (Network Address Translation) using AWS Part1

Preet Padariya
5 min read · Mar 22, 2023


What is NAT?

NAT stands for Network Address Translation. It is a technique in which a router, or a similar device sitting on the path of the traffic, rewrites the IP address (and, with port translation, the port) in a packet's IP header as the packet passes through it.

For outgoing traffic the router replaces the private address of an internal host with its own public IP address; for the matching return traffic it does the reverse, replacing its public address with the private address of the host that opened the connection. This lets an organization put many hosts with private IP addresses behind a single public IP address.

A real-life analogy is a receptionist at a company. You call the company's one public number, and once you reach the receptionist, he or she transfers your call to one of the private extensions inside the company.

What is the need for NAT?

Private IPv4 addresses are not routable on the internet, and the number of public IPv4 addresses is limited. We therefore need a way for hosts that have been assigned private IPv4 addresses to reach the internet. This is where Network Address Translation (NAT) comes in: a few public IPv4 addresses are shared by the many hosts in the network that only have private IPv4 addresses.

What is AWS?

AWS is Amazon Web Services, the cloud computing platform provided by Amazon. AWS offers services such as compute power, database storage, content delivery, and many more.

Amazon Services used in this blog

EC2 instances:

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. In this demo we use EC2 instances running Amazon Linux.

VPC:

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. VPC is a virtual network that closely resembles a traditional network that you would operate in your own data center. After you create a VPC, you can add subnets.

Internet Gateway:

It allows communication between your VPC and the internet. It supports IPv4 and IPv6 traffic. An internet gateway enables resources in your public subnets (such as EC2 instances) to connect to the internet if the resource has a public IPv4 address or an IPv6 address. For IPv4 the internet gateway itself performs a one-to-one NAT between the instance's private address and its public address; an instance without a public address cannot use it, even if its subnet has a route to it.

NAT Gateway:

A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
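The translation described in the "What is NAT?" section and the "external services cannot initiate a connection" property of a NAT gateway can be seen in a small simulator. The following is an added example written for this page, not code from the original post or from AWS. It models a source NAT with port translation (NAPT, the form a NAT gateway implements): outbound packets get the shared public address and a fresh public port, replies to that port are mapped back, and inbound packets that match no existing mapping are dropped. The private address 10.200.1.98 is the one used in the demo below; 203.0.113.10, 198.51.100.1 and 192.0.2.9 are constructed stand-ins (documentation ranges) for the NAT gateway's Elastic IP, google.com, and an outside attacker.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int      # for ICMP echo the identifier field plays this role
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class SourceNat:
    """One public address shared by many private hosts (NAPT)."""

    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        self._out: Dict[Tuple[str, int, str], int] = {}        # private flow -> public port
        self._in: Dict[Tuple[int, str], Tuple[str, int]] = {}  # public port -> private flow

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a private source to the shared public address, allocating a port on first use."""
        key = (pkt.src_ip, pkt.src_port, pkt.proto)
        port = self._out.get(key)
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[(port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the private host; anything with no mapping is dropped (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self._in.get((pkt.dst_port, pkt.proto))
        if target is None:
            return None  # unsolicited: nobody inside opened this flow
        priv_ip, priv_port = target
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


# Constructed sample addresses (documentation ranges), not real hosts.
NAT_EIP = "203.0.113.10"   # stand-in for the NAT gateway's Elastic IP
REMOTE = "198.51.100.1"    # stand-in for google.com
ATTACKER = "192.0.2.9"     # stand-in for an outside host probing the public address


def run_demo() -> dict:
    nat = SourceNat(NAT_EIP)
    # "private" (10.200.1.98 in the demo) opens a connection to the remote host
    out1 = nat.outbound(Packet("10.200.1.98", 40000, REMOTE, 443))
    # a second private host using the same source port still gets a distinct public port
    out2 = nat.outbound(Packet("10.200.1.99", 40000, REMOTE, 443))
    # the remote host replies to the public address and port it saw; the NAT maps it back
    reply = nat.inbound(Packet(REMOTE, 443, NAT_EIP, out1.src_port))
    # a connection initiated from outside matches no mapping and is dropped
    unsolicited = nat.inbound(Packet(ATTACKER, 5555, NAT_EIP, 22))
    return {"out1": out1, "out2": out2, "reply": reply, "unsolicited": unsolicited}


if __name__ == "__main__":
    for name, pkt in run_demo().items():
        print(name, pkt)
```

The mapping table is what makes the NAT gateway one-directional: the remote server only ever learns the public address and port, and nothing reaches a private host unless that host created the entry first. Note that this is a reachability property, not an access control; the security groups on the instances still decide which traffic they accept.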

DEMO/Confirmation

The diagram below is an overview of the network we are going to build.

Figure: Network overview (reference: AWS)

Step: 1

Create two EC2 instances that use Amazon Linux as the OS and name them "public" and "private". When launching them, place the "public" instance in the public subnet (in this demo it receives the private address 10.200.0.16, plus a public IPv4 address) and the "private" instance in the private subnet (here it receives the address 10.200.1.98 and no public IPv4 address). Make sure you choose the matching subnet for each instance at launch time, since the subnet cannot be changed afterwards.

Step: 2

Connect to the "public" EC2 instance. Now ping google.com to check connectivity. The ping succeeds, which shows that the public subnet's route table sends internet-bound traffic to an internet gateway and that the instance has a public IPv4 address to use with it. (The instance's security group must allow outbound ICMP for this check to work; by default it allows all outbound traffic.)

Figure: ping of google.com

Step: 3

To check that the private and public instances can reach each other, ping the private instance (10.200.1.98) from the public instance. This works through the "local" route that every VPC route table contains, provided the private instance's security group allows inbound ICMP from the public instance.

Figure: ping to "private" EC2 instance

Step: 4

Now we are going to SSH into the "private" EC2 instance through the "public" EC2 instance, using it as a jump host:

ssh -i <keyFilePath> ec2-user@10.200.1.98

Here <keyFilePath> is the private key (.pem file) for the key pair the "private" instance was launched with. Copying that key onto the "public" instance is the quick way to do this for a demo, but it leaves a private key on an internet-facing host; for anything beyond a demo, use SSH agent forwarding (ssh -A from your own machine) or a ProxyJump so the key never leaves your workstation.

So, from this, we are on the CLI of “private”.

Figure: from "public" instance to "private" instance

Step: 5

From there, ping google.com to check connectivity. The ping fails, which shows that the private instance has no path to the internet: its subnet's route table has no route to an internet gateway, and the instance has no public IPv4 address anyway.

Figure: ping to google.com

Step: 6

Now ping our "public" EC2 instance (10.200.0.16). This succeeds, so we can say that "private" can reach the public instance inside the VPC but is not connected to an internet gateway.

Figure: ping to "public" instance

Step: 7

Now we connect the private instance to a NAT gateway. Create a NAT gateway in the public subnet with an Elastic IP address attached, then add a route for 0.0.0.0/0 to the private subnet's route table with the NAT gateway as its target. Back on the "private" instance, ping google.com again to check connectivity. This time the ping succeeds, which shows that the private instance reaches the internet through the NAT gateway, which in turn sends the traffic out through the internet gateway.

Figure: ping to google.com
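Steps 1 to 7 above exercise three route-table situations: a public instance with an internet gateway route, a private instance with only the local route, and the same private instance after a NAT gateway route is added. The following is an added example written for this page, not code from the original post or from AWS, that models those rules so each step's expected result can be checked in one place. It follows the AWS VPC semantics stated above: longest-prefix route lookup; an internet gateway forwards only for instances that have a public IPv4 address; a NAT gateway forwards for anyone in a subnet that routes to it, with the gateway's Elastic IP as the source. The instance addresses 10.200.0.16 and 10.200.1.98 come from the demo; the subnet CIDRs, the gateway IDs igw-demo and nat-demo, and the addresses 203.0.113.5, 203.0.113.10 and 198.51.100.1 are constructed sample values. Security groups and network ACLs are deliberately left out of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Route:
    destination: str   # CIDR, e.g. "0.0.0.0/0"
    target: str        # "local", an "igw-..." id, or a "nat-..." id


@dataclass
class Subnet:
    name: str
    cidr: str
    routes: List[Route]


@dataclass
class Instance:
    name: str
    private_ip: str
    subnet: Subnet
    public_ip: Optional[str] = None   # only the public-subnet instance gets one in the demo


def longest_match(subnet: Subnet, dst: str) -> Optional[Route]:
    """Route-table lookup: the most specific prefix containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for route in subnet.routes:
        net = ipaddress.ip_network(route.destination)
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def egress_source(inst: Instance, nat_eips: Dict[str, str], dst: str = "198.51.100.1") -> Optional[str]:
    """Source address the remote host sees for inst -> dst, or None if the packet cannot get there."""
    route = longest_match(inst.subnet, dst)
    if route is None or route.target == "local":
        return None  # no default route: the private subnet before step 7
    if route.target.startswith("igw-"):
        return inst.public_ip  # IGW does one-to-one NAT only for instances with a public IPv4
    if route.target.startswith("nat-"):
        return nat_eips.get(route.target)  # NAT gateway replaces the private source with its EIP
    return None


def same_vpc_reachable(src: Instance, dst: Instance) -> bool:
    """Steps 3 and 6: instances in one VPC reach each other over the implicit local route."""
    route = longest_match(src.subnet, dst.private_ip)
    return route is not None and route.target == "local"


# Constructed sample values for the demo topology.
NAT_EIPS = {"nat-demo": "203.0.113.10"}


def build_demo():
    vpc_cidr = "10.200.0.0/16"
    public = Subnet("public", "10.200.0.0/24",
                    [Route(vpc_cidr, "local"), Route("0.0.0.0/0", "igw-demo")])
    private = Subnet("private", "10.200.1.0/24", [Route(vpc_cidr, "local")])
    pub_inst = Instance("public", "10.200.0.16", public, public_ip="203.0.113.5")
    priv_inst = Instance("private", "10.200.1.98", private)
    return pub_inst, priv_inst


def add_nat_route(subnet: Subnet, nat_id: str) -> None:
    """Step 7: point the subnet's default route at the NAT gateway."""
    subnet.routes.append(Route("0.0.0.0/0", nat_id))


if __name__ == "__main__":
    pub, priv = build_demo()
    print("step 2, public -> internet:", egress_source(pub, NAT_EIPS))
    print("step 3, public -> private:", same_vpc_reachable(pub, priv))
    print("step 5, private -> internet:", egress_source(priv, NAT_EIPS))
    print("step 6, private -> public:", same_vpc_reachable(priv, pub))
    add_nat_route(priv.subnet, "nat-demo")
    print("step 7, private -> internet via NAT:", egress_source(priv, NAT_EIPS))
```

Two consequences worth checking against your own VPC: an instance in the public subnet that was launched without a public IPv4 address gets None here, matching the real behaviour that an internet gateway route alone is not enough; and after step 7 the remote server sees the NAT gateway's Elastic IP, never 10.200.1.98, which is the source address you should expect in the server's logs and in any allow-list on the far side.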

Conclusion

In this setup the google.com server never sees the private instance's address; it identifies the instance by the NAT gateway's public (Elastic) IP. This is how NAT eases IPv4 address exhaustion: one internet-routable address of a NAT gateway is shared by an entire private network. Taking the CHARUSAT campus as an example, the PCs in the lab sit in a private subnet, and the Wi-Fi access points and routers reach the internet through a NAT gateway.

Contributed by

Jay Nakarani & Preet Padariya

References

AWS

NAT without AWS
