Creating a DNAT Rule

Function

This API is used to create a DNAT rule.

You can create a DNAT rule only when status of the NAT gateway is ACTIVE and admin_state_up of the NAT gateway administrator is True. Specify either port_id or private_ip at a time. If you are going to create a DNAT rule that allows traffic to and from all ports of a server and an EIP, set internal_service_port to 0, external_service_port to 0, and protocol to any.

URI

POST /v2.0/dnat_rules

Request

Table 1 lists the request parameter.

**Table 1** Request parameter
Parameter	Mandatory	Type	Description
dnat_rule	Yes	Object	Specifies the DNAT rule object. For details, see Table 2.

**Table 2** Description of the **dnat_rule** field
Parameter	Mandatory	Type	Description
nat_gateway_id	Yes	String	Specifies the public NAT gateway ID.
port_id	No	String	Specifies the port ID of an ECS or BMS. Configure either port_id or private_ip.
private_ip	No	String	Specifies the private IP address of a user, for example, the IP address of a VPC connected by a Direct Connect connection. You can specify either this parameter or port_id.
internal_service_port	Yes	Integer	Specifies the port used by ECSs or BMSs to provide services for external systems. The value ranges from 0 to 65535.
floating_ip_id	Yes	String	Specifies the EIP ID.
external_service_port	Yes	Integer	Specifies the port for providing services for external systems. The value ranges from 0 to 65535.
protocol	Yes	String	Specifies the protocol. Its value can be tcp (6), udp (17), or any (0).
internal_service_port_range	No	String	Specifies the port range used by ECSs or BMSs to provide services for external systems. The number of ports must be the same as that of external _service_port_range. The value ranges from 1 to 65535. Specify two port numbers connected by a single hyphen (-) and no blank spaces in the x-y format, where x is lower than y.
external_service_port_range	No	String	Specifies the port range used by the floating IP address for providing services for external systems. The number of ports must be the same as that of internal _service_port_range. The value ranges from 1 to 65535. Specify two port numbers connected by a single hyphen (-) and no blank spaces in the x-y format, where x is lower than y.

Response

Table 3 lists response parameter.

**Table 3** Response parameter
Parameter	Type	Description
dnat_rule	Object	Specifies the DNAT rule object. For details, see Table 4.

**Table 4** Description of the **dnat_rule** field
Parameter	Type	Description
id	String	Specifies the DNAT rule ID.
tenant_id	String	Specifies the project ID.
nat_gateway_id	String	Specifies the public NAT gateway ID.
port_id	String	Specifies the port ID of an ECS or BMS. This parameter is used in the VPC scenario. Configure either port_id or private_ip.
private_ip	String	Specifies the private IP address, for example, the IP address of a Direct Connect connection. This parameter is used in the Direct Connect scenario. Configure either private_ip or port_id.
internal_service_port	Integer	Specifies the port used by ECSs or BMSs to provide services for external systems.
floating_ip_id	String	Specifies the EIP ID.
floating_ip_address	String	Specifies the EIP address.
external_service_port	Integer	Specifies the port for providing services for external systems.
protocol	String	Specifies the protocol. Its value can be tcp (6), udp (17), or any (0).
status	String	Specifies the status of the DNAT rule. For details about all its values, see Table 1.
admin_state_up	Boolean	Specifies whether the DNAT rule is frozen. The value can be: true: The DNAT rule is unfrozen. false: The DNAT rule is frozen.
created_at	String	Specifies when the DNAT rule was created (UTC time). Its value rounds to 6 decimal places for seconds. The format is yyyy-mm-dd hh:mm:ss.
internal_service_port_range	String	Specifies the port range used by ECSs or BMSs to provide services for external systems. The number of ports must be the same as that of external _service_port_range. The value ranges from 1 to 65535. Specify two port numbers connected by a single hyphen (-) and no blank spaces in the x-y format, where x is lower than y.
external_service_port_range	String	Specifies the port range used by the floating IP address for providing services for external systems. The number of ports must be the same as that of internal _service_port_range. The value ranges from 1 to 65535. Specify two port numbers connected by a single hyphen (-) and no blank spaces in the x-y format, where x is lower than y.

Examples

Example request

Creating a DNAT rule with specified internal_service_port and external_service_port

POST https://{Endpoint}/v2.0/dnat_rules
{
    "dnat_rule": {
        "floating_ip_id": "bf99c679-9f41-4dac-8513-9c9228e713e1",
        "nat_gateway_id": "cda3a125-2406-456c-a11f-598e10578541",
        "port_id": "9a469561-daac-4c94-88f5-39366e5ea193",
        "internal_service_port": 993,
        "protocol": "tcp",
        "external_service_port": 242
    }
}

Creating a DNAT rule with both internal_service_port and external_service_port set to 0

POST https://{Endpoint}/v2.0/dnat_rules
{
    "dnat_rule": {
        "floating_ip_id": "Cf99c679-9f41-4dac-8513-9c9228e713e1",
        "nat_gateway_id": "Dda3a125-2406-456c-a11f-598e10578541",
        "private_ip": "192.168.1.100",
        "internal_service_port": 0,
        "protocol": "any",
        "external_service_port": 0
    }
}

Creating a DNAT rule with specified external_service_port_range and internal_service_port_range

POST https://{Endpoint}/v2.0/dnat_rules 
 { 
     "dnat_rule": { 
        "floating_ip_id": "0cc38f0c-f26b-4556-b956-f5831061bb86", 
        "nat_gateway_id": "dcb80bee-3e67-4282-8cc3-981431a63583", 
        "private_ip": "172.16.1.197", 
        "internal_service_port": 0,
        "internal_service_port_range": "55-66",
        "protocol": "udp", 
        "external_service_port": 0,
        "external_service_port_range": "55-66",  
        "description": "my dnat rule 01"
     } 
 }

Example response

Response to the request for creating a DNAT rule with specified internal_service_port and external_service_port

{
    "dnat_rule": {
        "floating_ip_id": "bf99c679-9f41-4dac-8513-9c9228e713e1",
        "status": "ACTIVE",
        "nat_gateway_id": "cda3a125-2406-456c-a11f-598e10578541",
        "admin_state_up": true,
        "port_id": "9a469561-daac-4c94-88f5-39366e5ea193",
        "internal_service_port": 993,
        "protocol": "tcp",
        "tenant_id": "abc",
        "created_at": "2017-11-15 15:44:42.595173",
        "id": "79195d50-0271-41f1-bded-4c089b2502ff",
        "floating_ip_address": "5.21.11.226",
        "external_service_port": 242,
        "private_ip": ""
    }
}

Response to the request for creating a DNAT rule with both internal_service_port and external_service_port set to 0

{
    "dnat_rule": {
        "floating_ip_id": "cf99c679-9f41-4dac-8513-9c9228e713e1",
        "status": "ACTIVE",
        "nat_gateway_id": "dda3a125-2406-456c-a11f-598e10578541",
        "admin_state_up": true,
        "private_ip": "192.168.1.100",
        "internal_service_port": 0,
        "protocol": "any",
        "tenant_id": "abc",
        "created_at": "2017-11-15 15:44:42.595173",
        "id": "79195d50-0271-41f1-bded-4c089b2502ff",
        "floating_ip_address": "5.21.11.227",
        "external_service_port": 0
    }
}

Response to the request for creating a DNAT rule with specified external_service_port_range and internal_service_port_range

{  
      "dnat_rule": {  
          "floating_ip_id": "0cc38f0c-f26b-4556-b956-f5831061bb86",  
          "status": "ACTIVE",  
          "nat_gateway_id": "dcb80bee-3e67-4282-8cc3-981431a63583",  
          "admin_state_up": true,  
          "private_ip": "172.16.1.197",  
          "internal_service_port": 0,  
          "protocol": "udp",  
          "tenant_id": "057ef081ad80d2732fcec011fdbc01c0",  
          "created_at": "2020-09-21 11:46:11.474729",  
          "id": "0de17f1a-686a-4484-9d8b-973889f8654c",  
          "external_service_port": 0,  
          "floating_ip_address": "10.185.74.219", 
          "port_id": "", 
          "internal_service_port_range":"55-66", 
          "external_service_port_range":"55-66" 
      }  
  }