This tutorial provides a step-by-step guide on how to configure SNAT and DNAT so that ECS instances in a VPC can communicate with the Internet through NAT Gateway.


Before you begin, make sure that the following conditions are met:


An ECS instance without any public IP address is used in this example. The configuration flow chart is as follows:

  1. Create a NAT Gateway

    NAT Gateway is an enterprise-class VPC Internet gateway that provides NAT proxy services. You must create a NAT Gateway before configuring SNAT and DNAT entries.

    For more information, see Create a NAT Gateway.

  2. Associate an EIP with a NAT Gateway

    A NAT Gateway can work normally only after it is associated with a public IP address. After you create a NAT Gateway, you can associate an Elastic IP Address (EIP) with the NAT Gateway.

    For more information, see Associate an EIP.

  3. Create a DNAT entry

    NAT Gateway supports DNAT, which maps a public IP address to an ECS instance so that the ECS instance can provide Internet services. DNAT supports both port mapping and IP mapping.

    For more information, see Create a DNAT entry.

  4. Create an SNAT entry

    NAT Gateway supports SNAT, which allows ECS instances without a public IP address in a VPC to access the Internet.

    For more information, see Create an SNAT entry.