This topic describes how to create a Destination Network Address Translation (DNAT) entry. DNAT maps public IP addresses to Elastic Compute Service (ECS) instances in a Virtual Private Cloud (VPC) network. This way, the ECS instances can receive requests sent over the Internet. DNAT supports port mapping and IP mapping.


A NAT gateway is created and associated with an elastic IP address (EIP). For more information, see Create a NAT gateway and Associate EIPs with a NAT gateway.
Note If you purchased a NAT service plan before January 26, 2018, make sure that the NAT service plan has unused public IP addresses.


  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where the NAT gateway is created.
  3. On the NAT Gateway page, find the NAT gateway that you want to manage, and click Configure DNAT in the Actions column.
  4. In the DNAT Entry List section, click Create DNAT Entry.
  5. In the Create DNAT Entry dialog box, set the following parameters, and click OK.
    Parameter Description
    Public IP Address Select the EIP that is used to communicate with the Internet.
    Note If an EIP is already used in a SNAT entry, it cannot be used in a DNAT entry.
    Private IP Address Select the ECS instance that uses the DNAT entry to receive requests from the Internet. You can specify the private IP address of the ECS instance that receives requests from the Internet in the following ways:
    • Auto Fill: Select an ECS instance from the ECS instance or Elastic Network Interface (ENI) list.
    • Manually Input: Enter the private IP address of the ECS instance that receives requests from the Internet.
      Note The CIDR block of the private IP address must be within that of the VPC network. You can also enter the private IP address of your ECS instance.
    Port Settings Select a DNAT mapping method:
    • All: This method uses IP mapping. All requests destined for the public IP address are forwarded to the selected ECS instance.
    • Specific Port: This method uses port mapping. The NAT gateway forwards requests from the specified protocol and port to the specified port of the selected ECS instance.
      If you select port mapping, you need to specify the following parameters based on your business requirements:
      • Public Port: the external port where requests from the Internet are received.
      • Private Port: the internal port to which the requests received on the external port are forwarded.
      • Protocol Type: the protocol used by the ports.
    Entry Name Enter a name for the DNAT entry.

    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter or Chinese character.