
NAT Gateway: Create and manage DNAT entries on a VPC NAT gateway

Last Updated: Feb 20, 2024

Virtual private cloud (VPC) NAT gateways support the DNAT feature that maps NAT IP addresses to Elastic Compute Service (ECS) instances in a VPC. This enables the ECS instances to provide services to external private networks. DNAT supports port mapping and IP mapping.

Prerequisites

A VPC NAT gateway is created. For more information, see Create and manage a VPC NAT gateway.

Create a DNAT entry

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is created.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click DNAT Management in the Actions column.
  5. On the DNAT Management tab, click Create DNAT Entry.
  6. On the Create DNAT Entry page, set the following parameters and click Confirm.

    Parameter: Description

    Select NAT IP Address: Select the NAT IP address that is used to provide services.

      Note: You can use the same NAT IP address in a DNAT port mapping entry and an SNAT entry.

    Select Private IP Address: Specify the private IP address used to communicate with external networks. You can specify the private IP address in one of the following ways:

      • Select by ECS or ENI: Specify the private IP address by selecting the ECS instance or the elastic network interface (ENI) that is associated with the ECS instance from the drop-down list.

      • Manually Enter: Enter the private IP address.

    Port Settings: Select a DNAT mapping method. DNAT supports port mapping and IP mapping.

      • Any Port: specifies IP mapping. All requests destined for the NAT IP address are forwarded to the specified ECS instance. The specified ECS instance can use the NAT IP address to access external private networks.

        Note:
        • If IP mapping is configured for a NAT IP address in a DNAT entry, the NAT IP address cannot be used in another DNAT or SNAT entry.

        • If a NAT gateway is configured with an SNAT entry and a DNAT entry that uses IP mapping, the specified ECS instance preferentially uses the DNAT entry to access external private networks.

      • Specific Port: specifies port mapping. The VPC NAT gateway forwards requests to the specified ECS instance based on the specified protocol and ports.

        After you select Specific Port, set the following parameters based on your business requirements:

        • Frontend Port: the port that is used to access the NAT IP address from external private networks.

        • Backend Port: the port mapped to the ECS instance.

        • Protocol: the protocol used by the ports.

    Entry Name: Enter a name for the DNAT entry.

      The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter and cannot start with http:// or https://.
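
The rules in the parameter table above can be checked over a planned set of entries before they are entered in the console. This is an added example, not Alibaba Cloud code or an API client; the dictionary field names, the sample addresses, and the reading of "letter" as ASCII-only are assumptions.

```python
import re
from collections import defaultdict

# Entry Name rule from the table; reading "letter" as ASCII-only is an assumption.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{1,127}")

def lint_nat_plan(dnat_entries, snat_nat_ips=()):
    """Return (entry_name, finding) pairs for a planned set of DNAT entries.

    Each entry is a dict with name, nat_ip, private_ip and either port="any"
    (IP mapping) or frontend_port/backend_port/protocol (port mapping).
    snat_nat_ips holds NAT IP addresses already used by SNAT entries.
    These field names are hypothetical, not the console's or an API's.
    """
    users = defaultdict(list)  # nat_ip -> names of DNAT entries that use it
    for e in dnat_entries:
        users[e["nat_ip"]].append(e["name"])

    findings = []
    for e in dnat_entries:
        name, nat_ip = e["name"], e["nat_ip"]
        if name.startswith(("http://", "https://")) or not NAME_RE.fullmatch(name):
            findings.append((name, "invalid entry name"))
        if e.get("port") != "any":
            continue  # port mapping may share its NAT IP with an SNAT entry
        # IP mapping: all requests to the NAT IP reach the instance, on any port.
        findings.append((name, f"IP mapping forwards every port to {e['private_ip']}"))
        # A NAT IP used for IP mapping cannot appear in another DNAT or SNAT entry.
        if len(users[nat_ip]) > 1:
            findings.append((name, f"{nat_ip} is also used by another DNAT entry"))
        if nat_ip in snat_nat_ips:
            findings.append((name, f"{nat_ip} is also used by an SNAT entry"))
    return findings

# Constructed sample plan; names and addresses are made up for illustration.
PLAN = [
    {"name": "web-443", "nat_ip": "192.168.0.10", "private_ip": "192.168.1.5",
     "frontend_port": 443, "backend_port": 8443, "protocol": "TCP"},
    {"name": "db_all", "nat_ip": "192.168.0.10", "private_ip": "192.168.1.9",
     "port": "any"},
    {"name": "https://admin", "nat_ip": "192.168.0.11", "private_ip": "192.168.1.7",
     "frontend_port": 22, "backend_port": 22, "protocol": "TCP"},
]
SNAT_IPS = {"192.168.0.10"}

if __name__ == "__main__":
    for entry_name, finding in lint_nat_plan(PLAN, SNAT_IPS):
        print(f"{entry_name}: {finding}")
```

Every Any Port entry is reported so that it can be reviewed against the security group rules of the target ECS instance, since no port filtering happens at the NAT gateway for IP mapping.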

Modify a DNAT entry

After you create a DNAT entry, you can modify the NAT IP address, private IP address, port settings, and name of the DNAT entry.

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is created.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click DNAT Management in the Actions column.
  5. In the DNAT Entry List section, find the DNAT entry that you want to manage and click Edit in the Actions column.
  6. On the Edit DNAT Entry page, modify the NAT IP address, private IP address, port, or name of the DNAT entry, and then click OK.

Delete a DNAT entry

If the ECS instances in your VPC do not need to receive requests from external private networks, you can delete the DNAT entries that are created for the ECS instances.

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is created.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click DNAT Management in the Actions column.
  5. In the DNAT Entry List section, find the DNAT entry that you want to manage and click Delete in the Actions column.
  6. In the Delete DNAT Entry message, click OK.
