DEV Community

Discussion on: Everything You Need To Know About Networking On AWS

ImTheDeveloper • Edited

Thanks for this post. Definitely an area I need to greatly improve my understanding. Networking in general has never been something I've found any love for but definitely an area I need to read up on.

I'm interested in the NAT concept. I've read up briefly on this but it never really sticks in my mind. I believe the purpose is to only allow connections out of the network so that you can carry out tasks like running updates on your server, is that correct? If the NAT has to establish the outbound connection, does this mean, for example, that a webserver running behind a NAT could not be addressed in the browser and receive a page back? If I wanted to do such a thing, would I just use a general purpose routing table and internet gateway in AWS?

Also another question: have you come across bastion hosts being used in AWS? Typically these sit out on the edge, allowing only whitelisted connections, maybe over SSH, to then enable you to SSH into your other boxes. I'd be interested to see such a setup explained too. I've used one at work, but never understood the exact connection setup.

Graham Lyons

Network address translation is very common in private networks, for example the router in most homes performs NAT so that you can use the Internet.

does this mean for example a webserver, running behind a NAT could not be addressed
That's exactly right. In the same way that clients outside your home network can't access port 80 on your iPad (or whatever).

SSH bastions are a common setup, and they work roughly the other way round to NAT boxes, in that they sit in the public subnets, allow incoming traffic via SSH, and then allow access to the rest of the VPC from themselves.
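To make the two answers above concrete, here is an added example (not code from the original post or from either commenter): a small, offline reachability check over a constructed VPC with a public subnet routed to an internet gateway, a private subnet routed to a NAT gateway, and an SSH bastion. All subnet CIDRs, instance names, IP addresses and security group names are assumptions made up for the example. The model deliberately ignores NACLs and egress rules and only encodes the three points under discussion: a NAT gateway translates connections started from inside, so nothing on the internet can open a connection to a private-subnet instance through it; an instance is only addressable from the internet when it has a public IP and its subnet's default route points at an internet gateway; and a bastion is reachable from a whitelisted admin address on port 22 while the private instances accept SSH only from the bastion's security group.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# --- constructed VPC layout (assumed names and addresses, not a real account) ---

@dataclass
class Subnet:
    cidr: str
    default_route: Optional[str]  # "igw", "nat", or None (no route for 0.0.0.0/0)

@dataclass
class SecurityGroup:
    # ingress rules as (port, source); source is a CIDR or the name of another SG
    ingress: list

@dataclass
class Instance:
    subnet: str
    sg: str
    private_ip: str
    public_ip: Optional[str] = None

SUBNETS = {
    "public":  Subnet("10.0.1.0/24", "igw"),   # route table: 0.0.0.0/0 -> internet gateway
    "private": Subnet("10.0.2.0/24", "nat"),   # route table: 0.0.0.0/0 -> NAT gateway
}
SGS = {
    "web-sg":     SecurityGroup([(80, "0.0.0.0/0")]),
    "bastion-sg": SecurityGroup([(22, "203.0.113.10/32")]),      # whitelisted admin IP
    "app-sg":     SecurityGroup([(22, "bastion-sg"), (8080, "web-sg")]),
}
INSTANCES = {
    "web":     Instance("public",  "web-sg",     "10.0.1.10", public_ip="198.51.100.5"),
    "bastion": Instance("public",  "bastion-sg", "10.0.1.20", public_ip="198.51.100.6"),
    "app":     Instance("private", "app-sg",     "10.0.2.10"),   # no public IP at all
}

def _sg_allows(sg_name: str, port: int, src_ip: str, src_sg: Optional[str]) -> bool:
    """True if any ingress rule of sg_name admits this port from this source."""
    for rule_port, source in SGS[sg_name].ingress:
        if rule_port != port:
            continue
        if source in SGS:                      # rule references another security group
            if source == src_sg:
                return True
        elif ip_address(src_ip) in ip_network(source):
            return True
    return False

def reachable(src: str, dst: str, port: int) -> tuple[bool, str]:
    """src is an instance name or an external IPv4 address; dst is an instance
    name or 'internet'. Returns (allowed, reason) for a new TCP connection."""
    if dst == "internet":
        inst = INSTANCES[src]
        route = SUBNETS[inst.subnet].default_route
        if route == "nat":
            return True, "outbound via NAT gateway (source address translated)"
        if route == "igw" and inst.public_ip:
            return True, "outbound via internet gateway using own public IP"
        return False, "no usable route to the internet"

    target = INSTANCES[dst]
    if src in INSTANCES:                       # hop inside the VPC: the local route always exists
        src_ip, src_sg = INSTANCES[src].private_ip, INSTANCES[src].sg
    else:                                      # connection initiated from the internet
        route = SUBNETS[target.subnet].default_route
        if route != "igw" or not target.public_ip:
            return False, ("unreachable: needs a public IP and an IGW route; a NAT "
                           "gateway only translates flows started from inside the VPC")
        src_ip, src_sg = src, None
    if _sg_allows(target.sg, port, src_ip, src_sg):
        return True, f"allowed by {target.sg}"
    return False, f"dropped by {target.sg}: no ingress rule for port {port} from {src}"

if __name__ == "__main__":
    checks = [
        ("203.0.113.10", "web", 80),      # browser to public web server: allowed
        ("203.0.113.10", "app", 80),      # browser to private instance: blocked by NAT/no public IP
        ("app", "internet", 443),         # private instance fetching updates: allowed via NAT
        ("203.0.113.10", "bastion", 22),  # admin SSH to bastion: allowed (whitelisted /32)
        ("198.51.100.99", "bastion", 22), # anyone else to bastion: dropped by SG
        ("bastion", "app", 22),           # bastion hops into private subnet: allowed
        ("web", "app", 22),               # web tier may not SSH to app: dropped by SG
    ]
    for src, dst, port in checks:
        ok, why = reachable(src, dst, port)
        print(f"{src:>14} -> {dst}:{port:<5} {'ALLOW' if ok else 'DENY ':5} {why}")
```

The asymmetry the two commenters were circling is in `reachable`: an outbound connection from the private subnet succeeds because the NAT gateway rewrites its source address, but an inbound one to the same instance fails before any security group is consulted, because nothing maps a public address to it. The bastion path works only because the admin address is whitelisted on `bastion-sg` and `app-sg` trusts connections from `bastion-sg` rather than from any CIDR.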