Adding a DNAT Rule
Scenarios
After a private NAT gateway is created, you can add DNAT rules to allow servers in your VPC to provide services accessible from on-premises servers or other VPCs.
A DNAT rule needs to be configured for each port on a server that needs to be made accessible. If multiple ports on a server or multiple servers need to provide services accessible from on-premises servers or other VPCs, multiple DNAT rules need to be configured.
Constraints and Limitations
- A DNAT rule with Port Type set to All ports cannot share a transit IP address with a DNAT rule with Port Type set to Specific port.
Prerequisites
- A private NAT gateway is available.
- Transit IP addresses are available.
Procedure
- Log in to the management console.
- Click in the upper left corner and select the desired region and project.
- Click Service List in the upper left corner. Under Networking, select NAT Gateway.
The NAT gateway console is displayed.
- In the navigation pane on the left, choose NAT Gateway > Private NAT Gateways.
- On the Private NAT Gateways page, click the name of the private NAT gateway on which you need to add a DNAT rule.
- On the private NAT gateway details page, click the DNAT Rules tab.
- Click Add DNAT Rule.
After you add a DNAT rule, add rules to the security group associated with the servers to allow inbound or outbound traffic. Otherwise, the DNAT rule does not take effect.
- Configure required parameters. For details, see Table 1.
Figure 1 Add DNAT Rule
Table 1 Descriptions of DNAT rule parameters (Parameter: Description)

Local Network
- Port Type: The port type. The type can be:
  - Specific port: The private NAT gateway only forwards requests to your servers from the outside port and to the inside port configured here, and only if they use the right protocol.
  - All ports: All requests received by the gateway through all ports over any protocol will be forwarded to the private IP address of your server.
- Protocol: The protocol can be TCP or UDP. If you select All ports, the value of this parameter is All by default. This parameter is only available if you select Specific port for Port Type.
- Instance Type: The type of instance that will provide services accessible from on-premises data centers or other VPCs. Possible types are:
  - Server
  - Virtual IP address
  - Load balancer
  - Custom
- NIC: The NIC of the server. This parameter is only available if you set Instance Type to Server.
- IP Address: The IP address of the server that will provide services accessible from on-premises data centers or other VPCs. This parameter is only available if you set Instance Type to Custom.
- Internal Port: The port of the instance. Range: 1 to 65535. This parameter is only available if you select Specific port for Port Type.

Transit Network
- Transit IP Address: The transit IP address used to access on-premises data centers or other VPCs. You can select a transit IP address that is not bound to any resource, has been bound to a DNAT rule for the current private NAT gateway where Port Type is set to Specific port, or has been bound to a SNAT rule of the current private NAT gateway.
- Transit IP Address Port: The port of the transit IP address. Supported range: 1 to 65535. This parameter is only available if you select Specific port for Port Type.

- Description: Supplementary information about the DNAT rule. Enter up to 255 characters.
- Click OK.
Once the rule is created, its status changes to Running.
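The constraints and parameter ranges above can be checked against a planned rule set before anything is entered in the console. The following is an added example, not part of the original documentation or of any NAT Gateway tooling; the dictionary field names and the sample addresses are constructed assumptions that mirror Table 1.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample plan; field names are assumptions mirroring Table 1.
PLAN = [
    {"name": "web", "port_type": "specific", "protocol": "TCP",
     "transit_ip": "10.1.0.10", "transit_port": 443, "internal_port": 8443},
    {"name": "legacy", "port_type": "all", "transit_ip": "10.1.0.10"},
    {"name": "dns", "port_type": "specific", "protocol": "ICMP",
     "transit_ip": "10.1.0.11", "transit_port": 53, "internal_port": 70000},
]

def check_plan(rules):
    """Return (rule name, finding) tuples; an empty list means the plan passes."""
    findings = []
    by_ip = defaultdict(list)
    for r in rules:
        # Normalise the address so equal IPs always group together.
        by_ip[str(ip_address(r["transit_ip"]))].append(r)
        if len(r.get("description", "")) > 255:
            findings.append((r["name"], "description exceeds 255 characters"))
        if r["port_type"] == "all":
            # All ports forwards every port and protocol to the server, so the
            # security group is the only remaining filter: flag it for review.
            findings.append((r["name"], "review: All ports forwards every port "
                             "and protocol; confirm security group rules"))
            continue
        if r.get("protocol") not in ("TCP", "UDP"):
            findings.append((r["name"], "protocol must be TCP or UDP"))
        for field in ("transit_port", "internal_port"):
            port = r.get(field)
            if not isinstance(port, int) or not 1 <= port <= 65535:
                findings.append((r["name"], f"{field} outside 1 to 65535"))
    # Constraint: All ports and Specific port rules cannot share a transit IP.
    for ip, group in by_ip.items():
        if {r["port_type"] for r in group} >= {"all", "specific"}:
            for r in group:
                if r["port_type"] == "all":
                    findings.append((r["name"], f"shares transit IP {ip} "
                                     "with a Specific port rule"))
    return findings

if __name__ == "__main__":
    for name, finding in check_plan(PLAN):
        print(f"{name}: {finding}")
```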