Create a DNAT rule to provide Internet-facing services

Last updated: 2021-10-11 17:58:53

Kingsoft Cloud Network Address Translation (NAT) provides the destination network address translation (DNAT) feature. DNAT translates the public IP address of a NAT instance to the private IP address of a Kingsoft Cloud Elastic Compute (KEC) instance so that the instance can provide services over the Internet. DNAT supports both port mapping and IP address mapping.

Background

  1. If an IP address is bound to a DNAT rule, you cannot delete this IP address.
  2. An IP address can be used by a DNAT rule for port mapping and a source network address translation (SNAT) rule at the same time.

Create a DNAT rule

  1. Go to the NAT page in the Virtual Private Cloud (VPC) console.
  2. On the NAT page, click the name of the target NAT instance to go to its details page.
  3. On the DNAT tab, click Create DNAT Rule.
  4. In the Create DNAT Rule dialog box, specify the following parameters and click Confirm.

  • NAT IP: the public IP address used for communication over the Internet.
  • Private IP Address: the private IP address of an instance that requires communication over the Internet based on the DNAT rule.
  • Public Network Port: the port number of the public IP address. It is an external port for port forwarding.
  • Private Network Port: the port number of the private IP address.
  • Protocol Type: the type of the protocol used for port forwarding.

IP address mapping

Description: The NAT instance forwards all requests that access the specified public IP address to the target server, without changing the protocol or port number.

Limits: The NAT instance must have at least two IP addresses, and at least one of them must not be bound to any port mapping rule.

Example:

| Public IP address | Public port number | Private IP address | Private port number | Protocol type |
|---|---|---|---|---|
| 11.11.11.11 | Any | 192.168.0.33 | Any | IP |

In this example, the NAT instance automatically forwards all requests from the Internet that access 11.11.11.11 to the instance with a private IP address of 192.168.0.33.

Port mapping

Description: The NAT instance forwards all requests that access the specified port of the specified public IP address over the specified protocol to the specified port of the target server.

Limits:

  • An IP address cannot be used by a DNAT rule for mapping all ports and an SNAT rule at the same time.
  • A port that is bound to a DNAT rule cannot be used as the outbound source port of an SNAT rule. If the port is in use by an SNAT rule, the SNAT connection is disconnected.
  • You can bind a DNAT rule to a KEC instance that is bound with an elastic IP address (EIP). However, if a KEC instance is bound with an EIP, the SNAT rules bound to the KEC instance do not take effect.
  • An IP address cannot be used for port mapping and IP address mapping at the same time. You must have at least two IP addresses bound to the NAT instance.

Examples:

| Public IP address | Public port number | Private IP address | Private port number | Protocol type |
|---|---|---|---|---|
| 1.1.1.1 | 80 | 192.168.1.1 | 80 | TCP |
| 2.2.2.2 | 8080 | 192.168.1.2 | 8000 | UDP |

In the first example, NAT automatically forwards requests that access TCP port 80 of the public IP address 1.1.1.1 to TCP port 80 of the private IP address 192.168.1.1. In the second example, NAT forwards requests that access UDP port 8000 of the public IP address 2.2.2.2 to UDP port 8000 of the private IP address 192.168.1.2.
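
The limits listed for IP address mapping and port mapping can be checked against a planned rule set before the rules are created in the console. The following Python code is an added example, not Kingsoft Cloud code or a Kingsoft Cloud API: `DnatRule`, `check_limits` and `exposed_from_internet` are hypothetical names, the first three rules are the example table rows from this page, and the fourth rule and the SNAT binding are constructed to trigger the limits.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class DnatRule:
    nat_ip: str
    public_port: str    # port number as text, or "Any" for IP address mapping
    private_ip: str
    private_port: str
    protocol: str       # "TCP" / "UDP", or "IP" for IP address mapping

    @property
    def mode(self):
        return "ip" if self.public_port == "Any" else "port"

def check_limits(nat_ips, dnat_rules, snat_ips=()):
    """Return sorted (nat_ip, problem) pairs for the limits listed on this page."""
    modes = defaultdict(set)
    for rule in dnat_rules:
        modes[rule.nat_ip].add(rule.mode)
    findings = set()
    for ip, used in modes.items():
        if used == {"ip", "port"}:
            findings.add((ip, "port mapping and IP address mapping on the same IP"))
        if "ip" in used and ip in snat_ips:
            findings.add((ip, "all-port DNAT mapping and SNAT on the same IP"))
        if "ip" in used and len(nat_ips) < 2:
            findings.add((ip, "IP address mapping needs at least two NAT IPs"))
    return sorted(findings)

def exposed_from_internet(dnat_rules):
    """List what each rule makes reachable; IP address mapping exposes every port."""
    return [f"{r.nat_ip}:{r.public_port}/{r.protocol} -> {r.private_ip}:{r.private_port}"
            for r in dnat_rules]

# The three example rows from this page.
PAGE_RULES = [
    DnatRule("11.11.11.11", "Any", "192.168.0.33", "Any", "IP"),
    DnatRule("1.1.1.1", "80", "192.168.1.1", "80", "TCP"),
    DnatRule("2.2.2.2", "8080", "192.168.1.2", "8000", "UDP"),
]
# Constructed misconfiguration: a port rule added on the IP-mapped address.
BAD_RULES = PAGE_RULES + [DnatRule("11.11.11.11", "443", "192.168.0.33", "443", "TCP")]

if __name__ == "__main__":
    ips = {"11.11.11.11", "1.1.1.1", "2.2.2.2"}
    print(check_limits(ips, PAGE_RULES))  # page examples violate no limit
    for ip, problem in check_limits(ips, BAD_RULES, snat_ips={"11.11.11.11"}):
        print(ip, problem)
    print(*exposed_from_internet(PAGE_RULES), sep="\n")
```

The exposure listing is a quick review aid: any line showing `Any/IP` means every port of the private instance is reachable on that public IP address.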
