Virtual private cloud (VPC) NAT gateways support the DNAT feature. DNAT maps NAT IP addresses of a VPC NAT gateway to the private IP addresses of Elastic Compute Service (ECS) instances in a virtual private cloud (VPC). This enables the ECS instances to provide services to other private networks. DNAT supports port mapping and IP mapping.

Prerequisites

A VPC NAT gateway is created. For more information, see Create a VPC NAT gateway.

Create a DNAT entry

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is deployed.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click DNAT Management in the Actions column.
  5. On the DNAT Management tab, click Create DNAT Entry.
  6. On the Create DNAT Entry page, set the following parameters and click OK.
    Parameter Description
    Select NAT IP Address Select a NAT IP address to receive requests from external networks.
    Note You can use the same NAT IP address in a DNAT port mapping entry and an SNAT entry.
    Select Private IP Address Specify the private IP address of the ECS instance that uses the DNAT entry to communicate with external networks. You can specify the private IP address in one of the following ways:
    • Select by ECS or ENI: Select the ECS instance or the elastic network interface (ENI) that is associated with the ECS instance from the drop-down list.
    • Manually Enter: Enter the destination private IP address.
    Port Settings Select a DNAT mapping method:
    • Any Port: specifies IP mapping. All requests destined for the NAT IP address are forwarded to the specified ECS instance. The specified ECS instance can use the NAT IP address to access external networks.
      Note
      • If IP mapping is configured for a NAT IP address in a DNAT entry, the NAT IP address cannot be used in another DNAT entry or SNAT entry.
      • If a NAT gateway is configured with an SNAT entry and a DNAT entry that uses IP mapping, the specified ECS instance preferentially uses the DNAT entry to access external networks.
    • Specific Port: specifies port mapping. The VPC NAT gateway forwards requests to the specified ECS instance based on the specified protocol and ports.
      After you select Specific Port, set the following parameters based on your business requirements:
      • Frontend Port: Specify the port that receives external requests.
      • Backend Port: Specify the port of the ECS instance to which requests are forwarded.
      • Protocol Type: Specify the protocol used by the ports.
    Entry Name Enter a name for the DNAT entry.

    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

Modify a DNAT entry

After you create a DNAT entry, you can modify the NAT IP address, private IP address, port settings, and name of the DNAT entry.

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is deployed.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click DNAT Management in the Actions column.
  5. In the DNAT Entry List section, find the DNAT entry that you want to manage and click Edit in the Actions column.
  6. On the Edit DNAT Entry page, modify the NAT IP address, private IP address, port settings, and name of the DNAT entry. Then, click Confirm.

Delete a DNAT entry

If the ECS instances in your VPC do not need to receive requests from other private networks, you can delete the DNAT entries that are created for the ECS instances.

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is deployed.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click DNAT Management in the Actions column.
  5. In the DNAT Entry List section, find the DNAT entry that you want to manage and click Delete in the Actions column.
  6. In the Delete DNAT Entry message, click OK.