Updated on 2022-08-08 GMT+08:00

Notes and Constraints

When using a NAT gateway:
  • Multiple rules for one NAT gateway can use the same EIP, but the rules for different NAT gateways must use different EIPs.
  • Each VPC can only have one NAT gateway.
  • Manually adding the default route for a VPC is not allowed.
  • Each VPC subnet can only be used in one SNAT rule.
  • SNAT and DNAT rules are designed for different functions. If SNAT and DNAT rules use the same EIP, resource preemption will occur. An SNAT rule cannot share an EIP with a DNAT rule with Port Type set to All ports.
  • DNAT rules do not support the mapping between an EIP and a virtual IP address.
  • If both an EIP and a NAT gateway are configured for a server, data will be forwarded through the EIP.
  • When you add an SNAT rule, if the rule is used in the VPC scenario, the custom CIDR block must be a subset of the NAT gateway's VPC subnets. If the rule is used in the Direct Connect scenario, the custom CIDR block must be a CIDR block of a Direct Connect connection and cannot overlap with the NAT gateway's VPC subnets.
  • After you perform operations on underlying resources of an ECS, for example, changing its specifications, the configured NAT gateway rules will become invalid. Delete the rules and recreate them for the new specifications.
  • You can configure only one DNAT rule for each port of a server. One port can be mapped to only one EIP.