Help Center/ NAT Gateway/ API Reference/ Out-of-Date APIs/ API v2.0/ DNAT Rules/ Creating a DNAT Rule
Updated on 2025-12-26 GMT+08:00
View PDF

Creating a DNAT Rule

Function

This API is used to create a DNAT rule.

You can create a DNAT rule only when status of the NAT gateway is ACTIVE and admin_state_up of the NAT gateway administrator is True. Specify either port_id or private_ip at a time. If you are going to create a DNAT rule that allows traffic to and from all ports of a server and an EIP, set internal_service_port to 0, external_service_port to 0, and protocol to any.

URI

POST /v2.0/dnat_rules

Request

Table 1 lists the request parameter.

Table 1 Request parameter

Parameter

Mandatory

Type

Description

dnat_rule

Yes

Object

Specifies the DNAT rule object. For details, see Table 2.
Table 2 Description of the dnat_rule field

Parameter

Mandatory

Type

Description

nat_gateway_id

Yes

String

Specifies the public NAT gateway ID.

port_id

No

String

Specifies the port ID of an ECS or BMS. Configure either port_id or private_ip.

private_ip

No

String

Specifies the private IP address of a user, for example, the IP address of a VPC connected by a Direct Connect connection. You can specify either this parameter or port_id.

internal_service_port

Yes

Integer

Specifies the port used by ECSs or BMSs to provide services for external systems.

The value ranges from 0 to 65535.

floating_ip_id

Yes

String

Specifies the EIP ID.

external_service_port

Yes

Integer

Specifies the port for providing services for external systems.

The value ranges from 0 to 65535.

protocol

Yes

String

Specifies the protocol.

Its value can be tcp (6), udp (17), or any (0).

Response

Table 3 lists response parameter.

Table 3 Response parameter

Parameter

Type

Description

dnat_rule

Object

Specifies the DNAT rule object. For details, see Table 4.
Table 4 Description of the dnat_rule field

Parameter

Type

Description

id

String

Specifies the DNAT rule ID.

tenant_id

String

Specifies the project ID.

nat_gateway_id

String

Specifies the public NAT gateway ID.

port_id

String

Specifies the port ID of an ECS or BMS. This parameter is used in the VPC scenario. Configure either port_id or private_ip.

private_ip

String

This parameter is used in the Direct Connect scenario. Configure either private_ip or port_id.

internal_service_port

Integer

Specifies the port used by ECSs or BMSs to provide services for external systems.

floating_ip_id

String

Specifies the EIP ID.

floating_ip_address

String

Specifies the EIP address.

external_service_port

Integer

Specifies the port for providing services for external systems.

protocol

String

Specifies the protocol.

Its value can be tcp (6), udp (17), or any (0).

status

String
  • Specifies the status of the DNAT rule.
  • For details about all its values, see Table 1.

admin_state_up

Boolean

created_at

String

Specifies when the DNAT rule was created (UTC time). Its value rounds to 6 decimal places for seconds. The format is yyyy-mm-dd hh:mm:ss.

Examples

  • Example request
    1. Creating a DNAT rule with specified internal_service_port and external_service_port 
      POST https://{Endpoint}/v2.0/dnat_rules
{
    "dnat_rule": {
        "floating_ip_id": "bf99c679-9f41-4dac-8513-9c9228e713e1",
        "nat_gateway_id": "cda3a125-2406-456c-a11f-598e10578541",
        "port_id": "9a469561-daac-4c94-88f5-39366e5ea193",
        "internal_service_port": 993,
        "protocol": "tcp",
        "external_service_port": 242
    }
}
    1. Creating a DNAT rule with both internal_service_port and external_service_port set to 0 
      POST https://{Endpoint}/v2.0/dnat_rules
{
    "dnat_rule": {
        "floating_ip_id": "Cf99c679-9f41-4dac-8513-9c9228e713e1",
        "nat_gateway_id": "Dda3a125-2406-456c-a11f-598e10578541",
        "private_ip": "192.168.1.100",
        "internal_service_port": 0,
        "protocol": "any",
        "external_service_port": 0
    }
}
  • Example response
    1. Response to the request for creating a DNAT rule with specified internal_service_port and external_service_port 
      {
    "dnat_rule": {
        "floating_ip_id": "bf99c679-9f41-4dac-8513-9c9228e713e1",
        "status": "ACTIVE",
        "nat_gateway_id": "cda3a125-2406-456c-a11f-598e10578541",
        "admin_state_up": true,
        "port_id": "9a469561-daac-4c94-88f5-39366e5ea193",
        "internal_service_port": 993,
        "protocol": "tcp",
        "tenant_id": "abc",
        "created_at": "2017-11-15 15:44:42.595173",
        "id": "79195d50-0271-41f1-bded-4c089b2502ff",
        "floating_ip_address": "5.21.11.226",
        "external_service_port": 242,
        "private_ip": ""
    }
}
    2. Response to the request for creating a DNAT rule with both internal_service_port and external_service_port set to 0 
      {
    "dnat_rule": {
        "floating_ip_id": "cf99c679-9f41-4dac-8513-9c9228e713e1",
        "status": "ACTIVE",
        "nat_gateway_id": "dda3a125-2406-456c-a11f-598e10578541",
        "admin_state_up": true,
        "private_ip": "192.168.1.100",
        "internal_service_port": 0,
        "protocol": "any",
        "tenant_id": "abc",
        "created_at": "2017-11-15 15:44:42.595173",
        "id": "79195d50-0271-41f1-bded-4c089b2502ff",
        "floating_ip_address": "5.21.11.227",
        "external_service_port": 0
    }
}

Status Codes

See Status Codes.

Parent topic: DNAT Rules