NAT Gateway: Create and manage SNAT entries on a VPC NAT gateway

Last Updated: Feb 20, 2024

If resources in a virtual private cloud (VPC) need to access other VPCs or data centers by using NAT IP addresses, you can use the SNAT feature of a VPC NAT gateway.

Background information

  • If the source CIDR blocks of multiple SNAT entries overlap, the entry whose source CIDR block has the longest subnet mask takes effect.

    • For example, if you create an SNAT entry for an ECS instance, the subnet mask of the source CIDR block is /32, which is the longest subnet mask. Therefore, the SNAT entry has the highest priority.

    • For SNAT entries that you create for other resources, such as vSwitches, VPCs, and custom CIDR blocks, the system determines the priorities of the SNAT entries based on the subnet mask length of the source CIDR block. The longer the subnet mask, the higher the priority.

  • You can specify an IP address in both a DNAT entry and an SNAT entry configured on a VPC NAT gateway.
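The priority rule above decides which NAT IP address a given host appears as on the peer network, which matters when the peer side allow-lists or logs by NAT IP. The following added example (not part of the original documentation; entry names, CIDR blocks and NAT IP addresses are constructed, and IPv4 is assumed) resolves the effective entry for a source address and lists where a more specific entry changes the NAT IP for part of a broader entry's range.

```python
import ipaddress

# Constructed sample SNAT table: (entry name, source CIDR, NAT IP). Not from a real gateway.
SNAT_ENTRIES = [
    ("vpc-wide", "10.0.0.0/16", "192.168.0.10"),
    ("vsw-app", "10.0.1.0/24", "192.168.0.11"),
    ("ecs-batch", "10.0.1.25/32", "192.168.0.12"),
    ("custom-db", "10.0.2.0/25", "192.168.0.11"),
]


def parse(entries):
    """Turn string CIDRs into network objects; strict=True rejects CIDRs with host bits set."""
    return [(name, ipaddress.ip_network(cidr, strict=True), ipaddress.ip_address(nat))
            for name, cidr, nat in entries]


def effective_entry(entries, source_ip):
    """Return (name, nat_ip) of the entry that applies to source_ip, or None if none matches."""
    ip = ipaddress.ip_address(source_ip)
    matches = [e for e in parse(entries) if ip in e[1]]
    if not matches:
        return None
    # Longest subnet mask wins, as described in the background information.
    name, _net, nat = max(matches, key=lambda e: e[1].prefixlen)
    return name, str(nat)


def overrides(entries):
    """List (broad, specific) name pairs where the specific entry uses a
    different NAT IP for part of the broad entry's source range."""
    parsed = parse(entries)
    found = []
    for b_name, b_net, b_nat in parsed:
        for s_name, s_net, s_nat in parsed:
            if s_net != b_net and s_net.subnet_of(b_net) and s_nat != b_nat:
                found.append((b_name, s_name))
    return found
```

Running `overrides` over an exported entry list before changing a peer-side allow-list shows which hosts do not egress with the VPC-wide NAT IP address.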

Prerequisites

Create an SNAT entry

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is created.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click SNAT Management in the Actions column.
  5. On the SNAT Management tab, click Create SNAT Entry.
  6. On the Create SNAT Entry page, set the following parameters and click OK.

    Parameter

    Description

    SNAT Entry

    Specify whether you want to create an SNAT entry for a VPC, a vSwitch, an ECS instance, or a custom CIDR block.

    • Specify VPC: All ECS instances in the VPC to which the VPC NAT gateway belongs use the SNAT entry to access external private networks.

    • Specify vSwitch: The ECS instances that belong to the specified vSwitch use the SNAT entry to access external private networks.

      • Select vSwitch: Select a vSwitch from the drop-down list, or click Create vSwitch to create a vSwitch in the VPC console.

        If you select multiple vSwitches, the system creates multiple SNAT entries that use the same IP address.

      • vSwitch CIDR Block: displays the CIDR block of the vSwitch.

    • Specify ECS Instance: The specified ECS instance uses the SNAT entry to access external private networks.

      • Select ECS Instance: Select an ECS instance from the drop-down list, or click Create ECS Instance to create an ECS instance in the ECS console. The ECS instance uses the SNAT entry to access external private networks. Make sure that the ECS instance runs as expected. If you select multiple ECS instances, the system creates multiple SNAT entries that use the same IP address.

      • ECS CIDR Block: displays the CIDR block of the ECS instance.

    • Specify Custom CIDR Block: You can specify a custom CIDR block in the Custom CIDR Block field. ECS instances that belong to the custom CIDR block use the SNAT entry to access external private networks.

    Select NAT IP Address

    Select the NAT IP address that is used to access external private networks.

    Note

    You can also click Create NAT IP Address in the drop-down list to add an IP address in the Add NAT IP Address dialog box.

    Entry Name

    Enter a name for the SNAT entry.

    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). The name must start with a letter.

Modify an SNAT entry

You can change the name and IP address of an SNAT entry after you create the SNAT entry. However, you cannot change the VPC, vSwitch, or ECS instance specified in the SNAT entry.

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is created.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click SNAT Management in the Actions column.
  5. In the SNAT Entry List section, find the SNAT entry that you want to manage and click Edit in the Actions column.

  6. On the Edit SNAT Entry page, replace the IP address or change the name of the SNAT entry and click Confirm.

Delete an SNAT entry

You can delete an SNAT entry that is no longer needed.

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is created.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click SNAT Management in the Actions column.

  5. In the SNAT Entry List section, find the SNAT entry that you want to delete and click Delete in the Actions column.

  6. In the Delete SNAT Entry message, click OK.

References

You can call the following API operations.