NAT Gateway provides SNAT, DNAT, and bandwidth sharing features.


SNAT allows ECS instances without public IP addresses in a VPC to access the Internet.

SNAT can also be used as a firewall to prevent unwanted access to backend servers. After you configure SNAT entries to allow backend servers to initiate connections with specific external terminals, only these external terminals will be able to access the backend servers.


DNAT maps a public IP address of a NAT gateway to an ECS instance so that the ECS instance can be accessible from the Internet.

DNAT supports port mapping and IP mapping.

EIP bandwidth plans

You can associate an EIP with a NAT gateway, and then add the EIP to an EIP bandwidth plan. After the EIP is added to an EIP bandwidth plan, the original billing method of the EIP is no longer effective and the EIP incurs only instance fees.