DNAT maps an elastic IP address (EIP) to the private IP address of an ENS instance through port mapping, allowing the instance to accept inbound connections from the Internet.
How it works
When a client sends a request to the EIP associated with the edge NAT gateway:
Address translation: The gateway receives the packet and uses the DNAT entry to translate the destination address from the EIP to the private IP address of the ENS instance.
Packet forwarding: The translated packet is forwarded to the ENS instance.
Response: When the ENS instance responds, the gateway translates the source address back to the EIP before returning the packet to the client.
Prerequisites
Before you begin, make sure that you have:
An edge NAT gateway associated with an EIP. For more information, see Create and manage edge NAT gateways.
Constraints
If an ENS instance already has a public IP address or is associated with an EIP, release the public IP address or disassociate the EIP before creating a DNAT entry for that instance.
Create a DNAT entry
Log on to the ENS console.
In the left-side navigation pane, click NAT Gateway.
On the NAT Gateway page, find the NAT gateway and click Manage in the Actions column.
On the DNAT tab, click Create DNAT Entry.
On the Configure DNAT page, configure the following parameters.
Entry Name: The name of the DNAT entry.
Public IP Address: The EIP used to receive inbound Internet traffic. The EIP cannot be shared with a SNAT entry.
ENS Instance: The ENS instance that provides services through this DNAT entry. Select from the drop-down list.
Public Port: The external port or port range for port forwarding. Valid values: 1 to 65535. For a port range, separate the start and end ports with a forward slash (/), for example, 10/20.
Private Port: The internal port or port range that maps to the public port. The port range must contain the same number of ports as Public Port. For example, if Public Port is 10/20 (11 ports), set Private Port to a range of 11 ports, such as 80/90.
Protocol: The protocol for port forwarding. Valid values: TCP, UDP, and Any.
Click Create.
Delete a DNAT entry
Delete a DNAT entry when the ENS instance no longer needs to provide Internet-facing services through this mapping.
Log on to the ENS console.
In the left-side navigation pane, click NAT Gateway.
On the NAT Gateway page, find the NAT gateway and click Manage in the Actions column.
On the DNAT tab, find the DNAT entry and click Delete in the Actions column.
In the dialog box that appears, click OK.
FAQ
Why can't I find an EIP in the list when creating a DNAT entry?
The EIP list only shows EIPs associated with the edge NAT gateway. If the list is empty, associate an EIP with the NAT gateway and try again.
Can I create a DNAT entry for an ENS instance that already has an EIP?
Not directly. Disassociate the EIP from the ENS instance first, then create the DNAT entry.
Why can't I access an ENS instance over the Internet after setting up a DNAT entry?
Check the following in order:
Security group rules: Confirm that the security group of the ENS instance allows inbound traffic on the private port specified in the DNAT entry. If it does not, add an inbound rule to allow the traffic.
Route table: Confirm that the route table contains a route with the destination CIDR block 0.0.0.0/0 and the next hop set to the NAT gateway. The ENS instance requires this route to return responses through the NAT gateway. Add the route if it does not exist.
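The following added example (not part of the ENS documentation or any ENS SDK) applies the Public Port and Private Port rules from the parameter list and the security group check from the FAQ before an entry is created. The rule tuples are a hypothetical simplified form of inbound allow rules, and treating Any as TCP plus UDP for the port check is an assumption.

```python
# Added example: pre-checks for a DNAT entry, run on constructed sample values.

def parse_ports(spec):
    """Parse '80' or '10/20' into an inclusive (start, end) tuple."""
    parts = spec.strip().split("/")
    if len(parts) not in (1, 2) or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad port spec: {spec!r}")
    start, end = int(parts[0]), int(parts[-1])
    if not (1 <= start <= end <= 65535):
        raise ValueError(f"ports must be 1-65535 with start <= end: {spec!r}")
    return start, end

def check_entry(public, private, protocol):
    """Return a list of problems with the DNAT parameters (empty means valid)."""
    problems = []
    if protocol not in ("TCP", "UDP", "Any"):
        problems.append(f"protocol must be TCP, UDP, or Any, got {protocol!r}")
    try:
        pub, priv = parse_ports(public), parse_ports(private)
    except ValueError as exc:
        return problems + [str(exc)]
    pub_n, priv_n = pub[1] - pub[0] + 1, priv[1] - priv[0] + 1
    if pub_n != priv_n:
        problems.append(f"Public Port has {pub_n} ports, Private Port has {priv_n}")
    return problems

def uncovered_private_ports(private, protocol, sg_rules):
    """Return {protocol: [ports]} for private ports with no inbound allow rule.

    sg_rules: hypothetical (protocol, start, end) tuples for inbound allow
    rules; real security group rules carry more fields (source CIDR, priority).
    """
    start, end = parse_ports(private)
    # Assumption: an entry with protocol Any needs both TCP and UDP allowed.
    wanted = ("TCP", "UDP") if protocol == "Any" else (protocol,)
    missing = {}
    for proto in wanted:
        gaps = [p for p in range(start, end + 1)
                if not any(r[0] == proto and r[1] <= p <= r[2] for r in sg_rules)]
        if gaps:
            missing[proto] = gaps
    return missing

if __name__ == "__main__":
    rules = [("TCP", 80, 85)]  # constructed sample security group rules
    print(check_entry("10/20", "80/90", "TCP"))
    print(uncovered_private_ports("80/90", "TCP", rules))
```

A non-empty result from uncovered_private_ports lists the private ports that would be unreachable through the DNAT entry until an inbound rule is added for them.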