edit-icon download-icon

Manage a DNAT table

Last Updated: Feb 07, 2018

You can use the DNAT function to map a public IP to a private IP. Then, the ECS instance with the specified public IP can provide public services or access over the Internet.

DNAT table

The DNAT function in the NAT gateway is abstracted as a port forwarding table.

A DNAT table is automatically created after creating a NAT gateway. You cannot create or delete a DNAT table. You can enable the DNAT function by adding port forwarding entries in the port forwarding table.

DNAT entries

A port forwarding table consists of multiple port forwarding entries.

A port forwarding entry consists of five attributes: public IP, public port, private IP, private port, and protocol.

The private IP is the private IP of the ECS instance, and the public IP is a system allocated public IP after you purchase a shared bandwidth package.

Port mapping and IP mapping

The DNAT function provides two forwarding modes:

  • Port mapping

    A port mapping forwards the packet between [Private IP:Private Port] and [Public IP:Public Port] using the specified protocol .

    When configuring port mapping, you must specify the public port, private port and protocol, such as the Entry 1 and Entry 2 in the following table.

  • IP mapping

    An IP mapping entry is equivalent to binding an EIP to the ECS instance.

    When configuring the IP mapping, you do not need to specify the public port, private port and protocol, such as the Entry 3 in the following table.

Example of DNAT entries

Forwarding entries Public IP Public port Private IP Private port Protocol
Entry 1 139.224.xx.xx 80 192.168.x.x 80 TCP
Entry 2 139.224.xx.xx 8080 192.168.x.x 8000 UDP
Entry 3 139.224.xx.xx Any 192.168.x.x Any Any

Add a DNAT entry

By adding a DNAT entry, you can map a public IP to a private IP. This enables ECS instance with the private IP to provide public services and access over the Internet.

For details, see Add a DNAT entry.

Edit a DNAT entry

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click NAT Gateway.

  3. Click the ID of the target gateway.

  4. In the left-side navigation pane, click DNAT Table.

  5. Click Edit in the Actions column of the target DNAT entry to update the DNAT entry settings.

Delete a DNAT entry

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click NAT Gateway.

  3. Click the ID of the target gateway.

  4. In the left-side navigation pane, click DNAT Table.

  5. Click Delete in the Actions column of the target DNAT entry to delete the DNAT entry.

Thank you! We've received your feedback.