Updated on 2023-11-28 GMT+08:00

Adding an SNAT Rule


After the private NAT gateway is created, add an SNAT rule so that some or all servers in a VPC subnet can share a transit IP address to access on-premises data centers or other VPCs.

Constraints and Limitations

  • Only one SNAT rule can be added for each VPC subnet.


  • A private NAT gateway is available.
  • Transit IP addresses are available.
  • A Direct Connect connection has been created with the VPC CIDR block set to For details, see Create a Virtual Gateway.


  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Click Service List in the upper left corner. Under Networking, select NAT Gateway.

    The NAT gateway console is displayed.

  4. In the navigation pane on the left, choose NAT Gateway > Private NAT Gateways.
  1. On the Private NAT Gateways page, click the name of the private NAT gateway on which you need to add an SNAT rule.
  2. On the SNAT Rules tab, click Add SNAT Rule.
  3. Configure required parameters. For details, see Table 1.
    Figure 1 Add SNAT Rule
    Table 1 Parameter descriptions of an SNAT rule




    The subnet type of the SNAT rule. Select Existing or Custom.

    Select a subnet where IP address translation is required in the service VPC.


    You can create alarm rules to watch the number of SNAT connections.

    Transit IP Address

    Select the created transit IP address.


    Provides supplementary information about the SNAT rule. Enter up to 255 characters. Angle brackets (<>) are not allowed.

  4. Click OK.

    You can add multiple SNAT rules for a private NAT gateway to suite your service requirements.

Helpful Links

Managing SNAT Rules