Configure DNAT Rules

Configure DNAT (Destination Network Address Translation) rules on a public NAT gateway to associate public IP addresses with instances via port or IP mapping, enabling the instances to provide services over the Internet.

Procedures

  1. Go to NAT Rules > Create DNAT Entry on details page

  2. Set a public ingress IP Select the elastic IPv4 address that receives incoming traffic.

    • Only elastic IPs already bound to the current NAT Gateway are listed.

    • If no suitable elastic IP is available, click New Elastic IPv4 to create and bind one.

  3. Select a private IP

    Choose the private endpoint to which traffic will be forwarded. Two options are available:

    • By vNIC/By Instance Select a private IP associated with a vNIC or an instance.

    • By Custom Private IP Manually enter a private IP address. If the private IP is not associated with an instance, the route will not take effect.

  4. Configure protocol and port Define the protocol and ports used for the DNAT mapping.

    • Any Port Forwards all traffic from the public IP to the private IP without specifying ports (IP mapping).

    • Custom Port Specify the public port, private port, and protocol (TCP and UDP) for fine-grained control (Port mapping).

  5. Click Confirm to save and apply the DNAT entry.

Note

When SNAT is also configured, the DNAT-mapped elastic IP takes priority for outbound access. Ensure port mappings and IP selections do not conflict.

Results

In the DNAT rule list page, you can edit and delete existing DNAT entries.

Note

  • Editing NAT rules may cause service disruption. Proceed with caution.

  • Deleting resources may affect ongoing services. The related resources will be unbound. Proceed with caution.

Example

Map TCP Port 8080 to Port 80 on a Private Instance

To allow external HTTP access to a web service hosted on a private instance, you can configure a DNAT rule with custom protocol and port mapping.

Configuration Example:

  • Elastic IP (Public IP): 203.0.113.5

  • Protocol: TCP

  • Public Port: 8080

  • Private IP: 192.168.1.100

  • Private Port: 80

Effect:

Any TCP traffic sent to 203.0.113.5:8080 will be forwarded by the NAT gateway to 192.168.1.100:80 in your global VPC.

Last updated