NAT Gateway supports the DNAT function, which maps a public IP address to an ECS instance so that the ECS instance can provide Internet services. DNAT supports both port mapping and IP mapping.


A NAT Gateway is created and the NAT Gateway is associated with an EIP. For more information, see Create a NAT Gateway and Associate an EIP.
Note If your account has purchased a bandwidth package before January 26, 2018, make sure there is an available public IP address in the bandwidth package.


  1. Log on to the VPC console.
  2. In the left-side navigation pane, click NAT Gateways.
  3. Select the region of the NAT Gateway.
  4. On the NAT Gateways page, find the target NAT Gateway instance and click Configure DNAT in the Actions column.
  5. On the DNAT Table page, click Create DNAT Entry.
  6. On the Create DNAT Entry page, configure the DNAT entry according to the following information and click OK.
    Configuration Description
    Public IP Select a public IP address.
    Note An IP address that is already being used in an SNAT entry cannot be selected.
    Private IP Select the private IP address of the ECS instance to access the Internet. You can specify the private IP address in the following ways:
    • Auto Fill: Select an ECS instance from the ECS instance or ENI list.
    • Manually Input: Enter the private IP address that you want to map.
      Note It must be within the private CIDR block of the VPC. You can also enter an existing private IP address of the ECS instance.
    Port Settings DNAT supports IP mapping and port mapping. Select a mapping method:
    • All Ports: Select this option to configure IP mapping. This is the same as associating an EIP with the ECS instance. If this method is used, all requests destined for the public IP address are directed to the ECS instance.
    • Specific Port: Select this option to configure port mapping. After this method is used, NAT Gateway forwards the requests from the specified protocol and port to the specified port of the ECS instance.

      After you select Specific Port, enter Public Port (the external port used for traffic forwarding), Private Port (the internal port used for traffic forwarding) and the IP Protocol (the protocol type of the port).