Adds a DNAT entry to a DNAT table.
Note the following before you call this action:
-
Each combination of ExternalIp, ExternalPort, and Protocol of all DNAT entries must be unique (that is, a message cannot be forwarded to multiple targets).
-
Each combination of Protocol, InternalIp, and InternalPort of all DNAT entries must be unique.
-
If any DNAT entry in the DNAT table is in the Pending or Modifying state, a new DNAT entry cannot be added.
- ExternalIp must meet the following requirements:
- If your account has a NAT bandwidth package purchased before January 26, 2018, ExternalIp must be a public IP address in the NAT bandwidth package of the NAT Gateway.
- If your account does not have a NAT bandwidth package purchased before January 26, 2018, ExternalIP must be an EIP associated to the NAT Gateway.
- A public IP address cannot be used in both SNAT and DNAT entries at the same time.
- InternalIp must meet the following requirements:
- The InternalIp must belong to the CIDR block of the VPC to which the NAT Gateway belongs.
- The DNAT entry takes effect only when the InternalIP is used by an ECS instance that is not associated with an EIP. If the InternalIP is used by non-ECS resources such as HaVip, SLB, or RDS, the DNAT entry does not take effect and the Internet traffic cannot be forwarded to the IP address.
- A public IP address cannot be used in both SNAT and DNAT entries at the same time.
- A maximum of 100 DNAT entries can be added to a DNAT table.
Debug
By using API Explorer, you can easily debug APIs, automatically generate SDK code examples, and quickly search for APIs.
Request parameters
| Parameter | Type | Required? | Example value | Description |
|---|---|---|---|---|
| Action | String | Yes | CreateForwardEntry |
The name of this action. Value: CreateForwardEntry |
| ExternalIp | String | Yes | 116.xx.xx.28 |
The public IP address. |
| ExternalPort | String | Yes | 8080 | The public port number. Value range: 1 to 65535. |
| ForwardTableId | String | Yes | ftb-bp1mbjubq34hlcqpa5u3a |
The ID of the DNAT table. |
| InternalIp | String | Yes | 192.168.xx.xx |
The target private IP address. |
| InternalPort | String | Yes | 80 | The target private port number. Valid value: 1 to 65535. |
| IpProtocol | String | Yes | TCP |
The protocol type. Valid values:
|
| RegionId | String | Yes | cn-hangzhou |
The region to which the NAT Gateway belongs. To query the region ID, call DescribeRegions. |
| ForwardEntryName | String | No | ForwardEntry-1 |
The name of the DNAT entry to be created. The name must be 2 to 128 characters in
length and start with a Chinese character or a letter. The name cannot start with |
Response parameters
| Parameter | Type | Example value | Description |
|---|---|---|---|
| ForwardEntryId | String | fwd-119smw5tkxxxxxxxx | The ID of the DNAT entry. |
| RequestId | String | A4AEE536-A97A-40EB-9EBE-53A6948A6928 | The ID of the request. |
Examples
Request example
https://vpc.aliyuncs.com/?Action=CreateForwardEntry
&ExternalIp=116.xx.xx.28
&ExternalPort=8080
&ForwardTableId=ftb-bp1mbjubq34hlxxxxxxxx
&InternalIp=192.168.xx.xx
&InternalPort=80
&IpProtocol=TCP
&RegionId=cn-hangzhou
&<CommonParameters>
-
XML format
<CreateForwardEntryResponse> <ForwardEntryId>fwd-119smw5tkxxxxxxxx</ForwardEntryId> <RequestId>2315DEB7-5E92-423A-91F7-4C1EC9AD97C3</RequestId> </CreateForwardEntryResponse> -
JSON format
{ "ForwardEntryId":"fwd-119smw5tkxxxxxxxx", "RequestId":"2315DEB7-5E92-423A-91F7-4C1EC9AD97C3" }
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 404 | InvalidRegionId.NotFound | The specified RegionId does not exist in our records. | The specified region ID does not exist. |
| 400 | InvalidExternalIp.Malformed | The specified ExternalIp is not a valid IP address. | The specified ExternalIp is invalid. |
| 400 | InvalidInternalIp.Malformed | The specified InternalIp is not a valid IP address. | The specified InternalIp is invalid. |
| 400 | InvalidExternalPort.Malformed | The specified ExternalPort is not a valid port. | The specified ExternalPort is invalid. |
| 400 | InvalidInternalPort.Malformed | The specified InternalPort is not a valid port. | The specified InternalPort is invalid. |
| 400 | Forbidden.DestnationIpOutOfVpcCIDR | The specified Internal Ip is Out of VPC CIDR. | The specified InternalIp is not in the CIDR block of the VPC. |
| 400 | InvalidProtocal.ValueNotSupported | The specified IpProtocol does not support. | The specified protocol type is not supported. |
| 400 | IncorretForwardEntryStatus | Some Forward entry status blocked this operation.. | You cannot perform this operation because one or more DNAT entries are in the Pending or Modifying status. |
| 404 | InvalidForwardTableId.NotFound | Specified forward table does not exist. | The specified DNAT table does not exist. |
| 404 | InvalidExternalIp.NotFound | Specified External Ip address does not found on the VRouter | The specified ExternalIP does not exist. |
| 400 | Forbidden.ExternalIp.UsedInSnatTable | The specified ExternalIp is already used in SnatTable | The specified ExternalIp is being used by an SNAT rule. Select a different IP address or delete the SNAT rule that uses this IP address. |
| 400 | Forbindden | The specified Instance already bind eip | An EIP is already attached to this ECS instance. Detach the EIP from the ECS instance first and then add the forwarding rule. |
| 400 | Forbidden.InternalIpOutOfVpcCIDR | The specified Internal Ip is Out of VPC CIDR. | The specified InternalIP is not in the CIDR block of the VPC. |
| 400 | Invalid.natgwNotExist | The specified natgateway not exist. | The specified NAT Gateway does not exist. |
| 400 | InvalidIp.NotInNatgw | The specified Ip not belong to natgateway. | The specified IP address does not belong to the NAT Gateway. |
| 400 | MissingParameter | Missing mandatory parameter | The required parameters are missing. |
| 500 | InternalError | The request processing has failed due to some unknown error. | The request cannot be processed due to unknown errors. |
| 400 | InvalidParameter.Name.Malformed | The specified Name is not valid. | The specified name is invalid. Enter a valid name and try again. |