Destination Network Address Translation (DNAT) maps the private IP address of an SAG device to a public IP address. DNAT allows you to access a private network from a public network. This enables the private network to provide services to the public network.

Procedure

  1. Log on to the Smart Access Gateway console.
  2. Choose one of the following methods to open the Network Configuration tab.
    • Click the ID of the target SAG instance. On the instance details page that appears, click Network Configuration.
    • Find the target SAG instance and click Network Configuration in the Actions column.
  3. Click the DNAT tab.
  4. Click Add DNAT Rule.
  5. In the Add DNAT Rule dialog box, set the parameters.
    The parameters are described in the following table.
    Parameter Description
    DNAT Type Supported DNAT types:
    • Public Network DNAT: maps a private IP address to a public IP address, and automatically identifies the current public IP address. If you want to access a private network over the Internet, select this option.
    • Private Network DNAT: maps a private IP address to a specified private IP address. Make sure that the specified private IP address does not overlap with another IP address in the private network. Select this option in these scenarios: CIDR blocks overlap with each other in the private network, you also want to access private networks over the Internet when you use SNAT to access Alibaba Cloud resources, or you want to hide the private IP address from Alibaba Cloud.
    Connection Type Supported connection types:
    • All ports: uses IP mapping. Forwards any requests that are destined for the mapped private IP address to the target private address.
    • Specified Port: forwards the specified protocols and port traffic that are destined for the mapped private IP address to the specified port of the target private IP address.

      If you select Specified Port, enter the public port, private port, and protocol type based on your workload needs.

    Public IP Address The source IP address before conversion.
    Internal IP Address The target IP address after conversion.
    Public Port The port that provides service after the private IP address is mapped to the public network. Valid values: 1 to 65535.
    Private Port The real port over which services are provided by the private network. Valid values: 1 to 65535.
    Protocol Valid values: TCP and UDP.
  6. Click OK.