Help Center/ NAT Gateway/ API Reference/ APIs for Public NAT Gateways/ DNAT Rules/ Querying Details of a DNAT Rule

Updated on 2026-03-19 GMT+08:00

Online Debugging

CLI Examples

View PDF

Querying Details of a DNAT Rule

Function

This API is used to query details of a DNAT rule.

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.

If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
nat:dnatRules:get	Read	gateway *	g:EnterpriseProjectId g:ResourceTag/<tag-key>	-	-
nat:dnatRules:get	Read	dnatRule *	g:EnterpriseProjectId	-	-

URI

GET /v2/{project_id}/dnat_rules/{dnat_rule_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Specifies the project ID.
dnat_rule_id	Yes	String	Specifies the DNAT rule ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Specifies the user token. It is a response to the API for obtaining a user token. This API is the only one that does not require authentication. The value of X-Subject-Token in the response header is the token value.

Response Parameters

Status code: 200

**Table 3** Response body parameters
Parameter	Type	Description
dnat_rule	NatGatewayDnatRuleResponseBody object	Specifies the response body of the DNAT rule.

**Table 4** NatGatewayDnatRuleResponseBody
Parameter	Type	Description
id	String	Specifies the DNAT rule ID.
tenant_id	String	Specifies the project ID.
description	String	Provides supplementary information about the DNAT rule. The description can contain up to 255 characters and cannot contain angle brackets (<>).
port_id	String	Specifies the port ID of an ECS or BMS. This parameter applies to VPC scenarios. Configure either port_id or private_ip.
private_ip	String	Specifies the private IP address of a user. This parameter applies to Direct Connect and Cloud Connect scenarios. Configure either private_ip or port_id.
internal_service_port	Integer	Specifies the port used by ECSs or BMSs to provide services for external systems. Supported range: 0 to 65535
nat_gateway_id	String	Specifies the public NAT gateway ID.
global_eip_id	String	Specifies the global EIP ID. Configure either the EIP ID or the global EIP ID.
global_eip_address	String	Specifies the global EIP.
floating_ip_id	String	Specifies the EIP ID.
floating_ip_address	String	Specifies the EIP address.
external_service_port	Integer	Specifies the port used by the floating IP address to provide services for external systems. Supported range: 0 to 65535
status	String	Specifies the DNAT rule status. The value can be: ACTIVE: The DNAT rule is available. PENDING_CREATE: The DNAT rule is being created. PENDING_UPDATE: The DNAT rule is being updated. PENDING_DELETE: The DNAT rule is being deleted. EIP_FREEZED: The EIP is frozen. INACTIVE: The DNAT rule is unavailable.
admin_state_up	Boolean	Specifies whether the instance is unfrozen or frozen. The value can be: true: unfrozen false: frozen
internal_service_port_range	String	Specifies the port range used by ECSs or BMSs to provide services for external systems. The number of ports must be the same as that of external_service_port_range. The value ranges from 1 to 65535. Constraints: Port ranges can only be connected using hyphens (-).
external_service_port_range	String	Specifies the port range used by the floating IP address to provide services for external systems. The number of ports must be the same as that of internal_service_port_range. The value ranges from 1 to 65535. Constraints: Port ranges can only be connected using hyphens (-).
protocol	String	Specifies the protocol. TCP, UDP, and ANY are supported. The protocol number of TCP, UDP, and ANY are 6, 17, and 0, respectively.
created_at	String	Specifies when the DNAT rule was created. The time is in yyyy-mm-dd hh:mm:ss.SSSSSS format.

Example Requests

GET https://{NAT_endpoint}/v2/d199ba7e0ba64899b2e81518104b1526d/dnat_rules/5b95c675-69c2-4656-ba06-58ff72e1d338

Example Responses

Status code: 200

DNAT rule details queried.

{
  "dnat_rule" : {
    "floating_ip_id" : "bf99c679-9f41-4dac-8513-9c9228e713e1",
    "status" : "ACTIVE",
    "nat_gateway_id" : "cda3a125-2406-456c-a11f-598e10578541",
    "admin_state_up" : true,
    "port_id" : "9a469561-daac-4c94-88f5-39366e5ea193",
    "private_ip" : "",
    "internal_service_port" : 993,
    "protocol" : "tcp",
    "tenant_id" : "d199ba7e0ba64899b2e81518104b1526d",
    "created_at" : "2017-11-15 15:44:42.595173",
    "id" : "5b95c675-69c2-4656-ba06-58ff72e1d338",
    "floating_ip_address" : "5.21.11.226",
    "external_service_port" : 242,
    "description" : "my dnat rule 01"
  }
}

SDK Sample Code

The SDK sample code is as follows.

Java

    
     
       
       
         package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.nat.v2.region.NatRegion;
import com.huaweicloud.sdk.nat.v2.*;
import com.huaweicloud.sdk.nat.v2.model.*;


public class ShowNatGatewayDnatRuleSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        NatClient client = NatClient.newBuilder()
                .withCredential(auth)
                .withRegion(NatRegion.valueOf("<YOUR REGION>"))
                .build();
        ShowNatGatewayDnatRuleRequest request = new ShowNatGatewayDnatRuleRequest();
        request.withDnatRuleId("{dnat_rule_id}");
        try {
            ShowNatGatewayDnatRuleResponse response = client.showNatGatewayDnatRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

        

      

    
   

Python

    
     
       
       
         # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdknat.v2.region.nat_region import NatRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdknat.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = NatClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(NatRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ShowNatGatewayDnatRuleRequest()
        request.dnat_rule_id = "{dnat_rule_id}"
        response = client.show_nat_gateway_dnat_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

        

      

    
   

Go

    
     
       
       
         package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    nat "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/nat/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/nat/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/nat/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := nat.NewNatClient(
        nat.NatClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ShowNatGatewayDnatRuleRequest{}
	request.DnatRuleId = "{dnat_rule_id}"
	response, err := client.ShowNatGatewayDnatRule(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

        

      

    
   

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
200	DNAT rule details queried.

Error Codes

See Error Codes.

Parent topic: DNAT Rules

Previous topic: Updating a DNAT Rule

Next topic: Adding DNAT Rules in Batches

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot