All Products
Document Center

Configure DNAT

Last Updated: Oct 30, 2017

NAT Gateway is an enterprise-class public network gateway that provides NAT proxy services (SNAT and DNAT), up to 10 Gbps forwarding capacity, and cross-zone disaster recovery. For more information, see What is NAT gateway.

You can use the DNAT function to map a public IP to a private IP. By adding a DNAT entry, the Internet traffic through the public IP is forwarded to the mapped private IP.


  1. Log on to the VPC console.

  2. In the left-side navigation pane, click NAT Gateway. In the upper-right corner of the NAT Gateway page, click Create NAT Gateway.

  3. Click Buy Now and complete the creation.


    For more information about the billing method of the NAT gateway, see billing.

  4. Find the target NAT gateway, and click the Buy Shared Bandwidth Package link.

    As a public network gateway, the NAT gateway must have configured with public IPs and bandwidth. The public IPs in the NAT Gateway are abstractly grouped into a shared bandwidth package.

  5. On the Shared Bandwidth Package page, click Buy Shared Bandwidth Package again.


  6. On the purchase page, configure the purchase information and click Buy Now complete the payment.

  7. Return to the NAT gateway page, find the target NAT gateway, click Configure DNAT.


  8. Configure the DNAT entry according to the following information.

    Public IP

    Select a public IP to forward the Internet traffic.

    Note: You cannot use the IP that is already being used in an SNAT entry.

    Private IP

    The private IP that you want to map. You can specify the private IP in the following ways:

    • Manually Input: Enter the private IP that you want to map. It must be within the private IP range of the VPC.
    • Auto Fill: Select an ECS instance in the VPC from the list. The private IP of the selected ECS instance is automatically entered in the field.

    Port Settings

    DNAT supports IP mapping and port mapping. Select a mapping method:

    • All Ports: Select this option to configure IP mapping. Using this method, the ECS instance with the specified private IP can receive any Internet requests using any protocol on any port. This is the same as binding an EIP to it.

      You do not need to configure the public port, private port, and IP protocol when configuring IP mapping.

    • Specific Port: Select this option to configure port mapping. Using this method, the NAT gateway will forward the received data from [ExternalIp:ExternalPort] using the specified protocol to [InternalIp:InternalPort], and send the response in the same.

      You must specify the public port, private port, and IP protocol when configuring port mapping.

  9. Click Confirm. The status of the added DNAT entry is Configuring. When the status is Available, the DNAT entry has been successfully added.dnat3