Destination Network Address Translation (DNAT) maps the private IP address of an SAG device to a public IP address. DNAT allows you to access a private network from a public network. This enables a private network to provide services to a public network.

Procedure

  1. Log on to the Smart Access Gateway console.
  2. Use one of the following methods to open the Network Configuration tab.
    • Click the ID of the SAG instance that you want to manage. On the details page, click the Network Configuration tab.
    • Find the SAG instance that you want to manage and click Network Configuration in the Actions column.
  3. Click the DNAT tab.
  4. Click Add DNAT Rule.
  5. In the Add DNAT Rule dialog box, set the parameters and click OK.
    The following table describes the parameters.
    Parameter Description
    DNAT Type Supported DNAT types:
    • Public Network DNAT: maps a private IP address to a public IP address, and automatically identifies the current public IP address. If you want to access a private network over the Internet, select this option.
    • Private Network DNAT: maps a private IP address to a specified private IP address. Make sure that the specified private IP address does not overlap with another IP address in the private network. Select this option in these scenarios: CIDR blocks overlap with each other in the private network, you also want to access private networks over the Internet when you use SNAT to access Alibaba Cloud resources, or you want to hide the private IP address from Alibaba Cloud.
    Connection Type Supported connection types:
    • All ports: uses IP mapping. Requests that are destined for the specified private IP address are forwarded to the public address to which the private IP address is mapped.
    • Specified Port: Requests that use the specified protocols, ports, and private IP address are forwarded to the specified port of the public IP address to which the private IP address is mapped.

      If you select Specified Port, enter a public port, a private port, and a protocol type based on your workload requirements.

    Public IP The CIDR blocks before it is translated based on the DNAT rule.
    Private IP The CIDR block after it is translated based on the DNAT rule.
    Public Port The port after it is translated based on the DNAT rule. Valid values: 1 to 65535.
    Private Port The port before it is translated based on the DNAT rule. Valid values: 1 to 65535.
    Protocol The protocols supported in the SAG console shall prevail.