Updated on 2024-03-30 GMT+08:00

Private NAT Gateway Overview

Private NAT Gateways

Private NAT gateways provide private address translation services for ECSs and BMSs in a VPC. You can configure SNAT and DNAT rules to translate the source and destination IP addresses into transit IP addresses, so that servers in the VPC can communicate with other VPCs or on-premises data centers.

Specifically:

  • SNAT enables servers across AZs in a VPC to share a transit IP address to access on-premises data centers or other VPCs.
  • DNAT enables servers across AZs in a VPC to share a transit IP address to provide services accessible from on-premises data centers or other VPCs.

Transit Subnet

A transit subnet functions as a transit network. You can configure a transit IP address for the transit subnet so that servers in a local VPC can share the transit IP address to access on-premises data centers or other VPCs.

Transit VPC

The transit VPC is the VPC that the transit subnet is a part of.

Figure 1 Private NAT gateway

Differences Between Public and Private NAT Gateways

Public NAT gateways use SNAT rules to map private IP addresses to EIPs, so that servers in a VPC can share an EIP to access the Internet. DNAT rules enable the servers to share an EIP to provide services accessible from the Internet.

Private NAT gateways use SNAT rules to map private IP addresses to transit IP addresses, so that servers in a VPC can access on-premises data centers or other VPCs. DNAT rules enable the servers to share the transit IP address to provide services accessible from the private network.

Table 1 describes the differences between public and private NAT gateways.

Table 1 Differences between public and private NAT gateways

Item

Public NAT Gateway

Private NAT Gateway

Function

Connects a private network to the Internet

Connects private networks

SNAT

Enables access to the Internet

Enables access to on-premises data centers or other VPCs

DNAT

Allows servers to provide services accessible from the Internet

Allows servers to provide services accessible from on-premises data centers or other VPCs in private networks

Communications media

EIP

Transit IP address