Adding a DNAT Rule

Scenarios

After a NAT gateway is created, you can add DNAT rules to allow servers in your VPC to provide services accessible from the Internet.

You can configure only one DNAT rule for each port of a server. One port can be mapped to only one EIP. If multiple servers need to provide services accessible from the Internet, create multiple DNAT rules.

Prerequisites

A NAT gateway has been created.

Procedure

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, choose NAT Gateway.
4. On the displayed page, click the name of the NAT gateway for which you want to add the DNAT rule.
5. On the NAT gateway details page, click the DNAT Rules tab.
6. Click Add DNAT Rule.
   

   Add security group rules to allow inbound or outbound traffic after you add a DNAT rule. Otherwise, the DNAT rule does not take effect.

   Figure 1 Add DNAT Rule
   

7. Configure the parameters as prompted. For details, see Table 1.

   Table 1 Parameter descriptions

   Parameter	Description
   Scenario	VPC: Servers in the VPC can share an EIP to provide services accessible from the Internet through the DNAT rule. Direct Connect: Servers in your data center that are connected to a VPC using Direct Connect or VPN can provide services accessible from the Internet through the DNAT rule.
   Port Type	The port type. You can select All ports or Specific port. All ports: This is equivalent to assigning an EIP to a server. Any requests on the EIP will be forwarded by the NAT gateway to your server based on IP address mapping. Specific port: The NAT gateway only forwards requests with a specific protocol and port on the EIP to the corresponding port of the target server.
   Protocol	The protocol can be TCP or UDP. This parameter is available if you select Specific port for Port Type. If you select All ports, the value of this parameter will be All by default.
   EIP	The EIP that will be used by the server to provide services accessible from the Internet. You can select an EIP that either is not bound to any resource, has been bound to a DNAT rule with Port Type set to Specific port of the current NAT gateway, or has been bound to an SNAT rule of the current NAT gateway.
   Outside Port	The port of the EIP. This parameter is available if you select Specific port for Port Type. Value range: 1–65535 You can enter a single port number, for example, 80.
   Private IP Address	In a VPC scenario, set this parameter to the IP address of the server in a VPC. This IP address is used by the server to provide services accessible from the Internet through DNAT. In a Direct Connect scenario, set this parameter to the IP address of the server in the local data center or the user's private IP address. This IP address is used by local servers that are connected to a VPC through Direct Connect or VPN to provide services accessible from the Internet through DNAT. Configure the port of Private IP Address if you select Specific port for Port Type.
   Inside Port	The port of the server that provides services accessible from the Internet through the DNAT rule. This parameter is available if you select Specific port for Port Type. Value range: 1–65535 You can enter a single port number, for example, 80.

8. After the configuration is complete, click OK. Once the rule is created, its status changes to Running.