Configure DNAT Rules
Configure DNAT (Destination Network Address Translation) rules on a public NAT gateway to associate public IP addresses with instances via port or IP mapping, enabling the instances to provide services over the Internet.
Procedures
Go to NAT Rules > Create DNAT Entry on details page
Set a public ingress IP Select the elastic IPv4 address that receives incoming traffic.
Only elastic IPs already bound to the current NAT Gateway are listed.
If no suitable elastic IP is available, click New Elastic IPv4 to create and bind one.
Select a private IP
Choose the private endpoint to which traffic will be forwarded. Two options are available:
By vNIC/By Instance Select a private IP associated with a vNIC or an instance.
By Custom Private IP Manually enter a private IP address. If the private IP is not associated with an instance, the route will not take effect.
Configure protocol and port Define the protocol and ports used for the DNAT mapping.
Any Port Forwards all traffic from the public IP to the private IP without specifying ports (IP mapping).
Custom Port Specify the public port, private port, and protocol (TCP and UDP) for fine-grained control (Port mapping).
Click Confirm to save and apply the DNAT entry.
Results
In the DNAT rule list page, you can edit and delete existing DNAT entries.
Example
Map TCP Port 8080 to Port 80 on a Private Instance
To allow external HTTP access to a web service hosted on a private instance, you can configure a DNAT rule with custom protocol and port mapping.
Configuration Example:
Elastic IP (Public IP):
203.0.113.5
Protocol:
TCP
Public Port:
8080
Private IP:
192.168.1.100
Private Port:
80
Effect:
Any TCP traffic sent to 203.0.113.5:8080
will be forwarded by the NAT gateway to 192.168.1.100:80
in your global VPC.
Last updated