I have created one VPC with public and private subnets. in addition , NAT instance is created to provide outbound internet traffic for private instance. The Public linux instance is able to connect to internet. However , if i associate the private instance to Network ACL , unable to conenct through public instance. If i de-associate the private instance from Network ACL , the private instance is able to connect to internet through the set NAT instance. My network ACL does not have any rules set other than default allow/deny rules(Enclosed screenshot) Could you help me to understand why the ACL 's are blocking the connectivity to Private instance and why ? Thanks in advance.