Adding a DNAT Rule

Scenarios

After a public NAT gateway is created, add DNAT rules to allow servers in your VPC to provide services accessible from the Internet.

Only one DNAT rule can be configured for each port on a server. One port can be mapped to only one EIP. If multiple servers need to provide services accessible from the Internet, create multiple DNAT rules.

Restrictions and Limitations

• Only one DNAT rule can be configured for each port on a server. One port can be mapped to only one EIP.
• A maximum of 200 DNAT rules can be added on a public NAT gateway.

Prerequisites

A public NAT gateway is available.

Procedure

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Click Service List in the upper left corner. Under Networking, select NAT Gateway.

   The Public NAT Gateway page is displayed.

4. On the displayed page, click the name of the public NAT gateway on which you need to add a DNAT rule.
5. On the public NAT gateway details page, click the DNAT Rules tab.
6. Click Add DNAT Rule.
   Figure 1 Add DNAT Rule
   
7. Configure required parameters. For details, see Table 1.

   Table 1 Descriptions of DNAT rule parameters

   Parameter	Description
   Scenario	Select VPC if your servers in a VPC will use the DNAT rule to share the same EIP to provide services accessible from the Internet. Direct Connect/Cloud Connect: Select this scenario if your on-premises servers or servers in another VPC will use the DNAT rule to provide services accessible from the Internet.
   Port Type	The port type All ports: All requests received by the gateway through all ports over any protocol will be forwarded to the private IP address of your server. Specific port: Only requests received from a specified port over a specified protocol will be forwarded to the specified port on the server.
   Protocol	The protocol can be TCP or UDP. This parameter is available if you select Specific port for Port Type. If you select All ports, the value of this parameter is All by default.
   EIP	The EIP that will be used by the server to provide services accessible from the Internet You can select an EIP that either has not been bound, has been bound to a DNAT rule of the current public NAT gateway with Port Type set to Specific port, or has been bound to an SNAT rule of the current public NAT gateway.
   Outside Port	The port of the EIP used by the NAT gateway for external communication This parameter is only available if you select Specific port for Port Type. Range: 1 to 65535 You can enter a specific port number or a port range, for example, 80 or 80-100.
   Private IP Address	In a VPC scenario, set this parameter to the private IP address of a server in the NAT gateway's VPC. The server will provide services accessible from the Internet through DNAT. In a Direct Connect/Cloud Connect scenario, set this parameter to IP address of the server in your on-premises data center or your private IP address. This IP address is used by on-premises servers that are connected to a VPC through Direct Connect or servers in another VPC to provide services accessible from the Internet through DNAT. NOTE: In the Direct Connect or Cloud Connect scenario, the private IP address can also be a virtual IP address. Configure the port of Private IP Address if you select Specific port for Port Type.
   Inside Port	The port of the server over which the originating requests will be forwarded This parameter is only available if you select Specific port for Port Type. Range: 1 to 65535 You can enter a specific port number or a port range, for example, 80 or 80-100.
   Description	Provides supplementary information about the DNAT rule. Enter up to 255 characters. Angle brackets (<>) are not allowed.

8. Click OK.

   Once the rule is created, its status changes to Running.

After you add a DNAT rule, add rules to the security group associated with the servers to allow inbound or outbound traffic. Otherwise, the DNAT rule does not take effect.