NAT gateways support Destination Network Address Translation (DNAT). You can create DNAT entries to map public IP addresses to Elastic Compute Service (ECS) instances in a Virtual Private Cloud (VPC) network. This way, the ECS instances can receive requests from the Internet.

DNAT entries

You can configure port mapping when you create a DNAT entry. After the DNAT entry is created, requests destined for the specified public IP address are forwarded to the ECS instances in a VPC network based on the port mapping rule.

Each DNAT entry consists of the following elements:
  • Public IP address: the elastic IP address (EIP) associated with the NAT gateway.
    Note If your NAT service plan was purchased before January 26, 2018, static public IP addresses in the NAT service plan are used in the DNAT entry.
  • Private IP address: the private IP address assigned to the ECS instance in the VPC network.
  • Public port: the external port where requests from the Internet are received.
  • Private port: the internal port to which the requests received on the external port are forwarded.
  • Protocol type: the protocol used by the ports.

Port mapping and IP mapping

The DNAT feature supports port mapping and IP mapping:

  • Port mapping
    After port mapping is configured, a NAT gateway forwards requests destined for a public IP address to the specified ECS instance based on the specified protocol and ports. The following DNAT entries are used as examples:
    • Entry 1: The NAT gateway forwards requests destined for TCP port 80 of ECS instance 1.1.1.1 to TCP port 80 of ECS instance 192.168.1.1.
    • Entry 2: The NAT gateway forwards requests destined for UDP port 8080 of ECS instance 2.2.2.2 to UDP port 8000 of ECS instance 192.168.1.2.
    DNAT entry Public IP address Public port Private IP address Private port Protocol
    Entry 1 1.1.1.1 80 192.168.1.1 80 TCP
    Entry 2 2.2.2.2 8080 192.168.1.2 8000 UDP
  • IP mapping

    After IP mapping is configured, a NAT gateway forwards all requests destined for a public IP address to the specified ECS instance. The following entry is used as an example:

    Entry 3: The NAT gateway forwards requests destined for ECS instance 3.3.3.3 to ECS instance 192.168.1.3.

    DNAT entry Public IP address Public port Private IP address Private port Protocol
    Entry 3 3.3.3.3 Any 192.168.1.3 Any Any