NAT Gateway

A NAT gateway provides IP address translation for servers in a public cloud VPC network, so that servers can share an EIP to access the Internet or provide Internet services. Currently, NAT gateways are supported on the Alibaba Cloud and Huawei Cloud platforms.

NAT gateway provides SNAT (Source Network Address Translation), DNAT (Destination Network Address Translation) and other functions.

  • SNAT: SNAT is applicable to servers in a VPC to access the Internet. That is, multiple servers in a VPC share the same public IP to access the Internet actively.

  • DNAT: DNAT is applicable to accessing servers in a VPC from the Internet. That is, the public IP on the NAT gateway is mapped for use by the servers.

Entry: In the cloud management platform, click the navigation menu at the top left corner, then click the “Network/Network Services/NAT Gateway” menu item in the left menu bar that pops up to enter the NAT Gateway page.

Create NAT

This function is used to create new NAT gateways. Currently, it supports creating NAT gateways for Alibaba Cloud and Huawei Cloud.

  1. On the NAT Gateway page, click the “New” button at the top of the list to enter the New NAT Gateway page.
  2. Configure the following parameters.
    • Domain: When the administrator creates a new NAT gateway, he/she needs to specify the domain to which the NAT gateway belongs.
    • Name: The name of the NAT gateway.
    • Billing Type: including postpaid and prepaid package.
      • Postpaid: Charged according to the actual usage of the NAT gateway. This mode is suitable for scenarios where demand increases dramatically in an instant, and it is more expensive than prepaid packages. Alibaba Cloud postpaid NAT gateways are charged by the hour. Huawei Cloud postpaid NAT gateways are charged by the day, with less than a day counted as a full day, so repeatedly creating NAT gateways incurs repeated charges.
      • Prepaid: A prepaid model with a one-time payment in advance for one month, one year or even multiple years. This model is suitable for scenarios where demand is relatively stable, and it is cheaper than postpaid. You also need to set the purchase length after choosing the yearly package.
    • Auto delete after: Set the usage time of the newly created NAT gateway, and the NAT gateway will be deleted after the set time. Only postpaid NAT gateways support expiration release.
    • Region: Set the region and zone where the NAT gateway is located.
    • Configuration: Select the specification of NAT gateway.
      • Alibaba Cloud: Postpaid supports per-usage billing, small, medium, and large. Prepaid supports small, medium, and large.
      • Huawei Cloud: Both postpaid and prepaid support only small, medium, large, and super-large.
    • Network: Select VPC and IP subnet.
    • EIP (Alibaba Cloud): Select the elastic public IP to be bound to the NAT gateway. It is not required by default. When you select “New elastic public IP”, you need to configure the following parameters.
      • Network billing method: Set the billing method of the EIP, including billed by traffic and billed by bandwidth.
        • Billed by traffic: Charged according to the actual traffic transmitted. You can limit the peak bandwidth to avoid the cost of unexpected traffic, and packets are dropped when the instantaneous bandwidth exceeds that value. Suitable for scenarios with large network fluctuation.
        • Billed by bandwidth: Charged according to the transmission rate. Choose a fixed bandwidth, and packets are dropped when the bandwidth is exceeded. Suitable for scenarios with less network fluctuation.
      • Bandwidth: Set the size of bandwidth.
  3. Click “OK” button to finish the operation.

Sync Status

This function is used to get the current status of the NAT gateway.

Sync Status

  1. On the NAT gateway page, click the “Sync Status” button on the right action bar of the NAT gateway to synchronize the NAT gateway status.

Batch Sync Status

  1. Select one or more NAT gateways in the NAT gateway list, and click the “Sync Status” button at the top of the list to synchronize the status in batch.

Auto delete after

Release by expiration sets the usage time of a NAT Gateway. When the set period is exceeded, the NAT Gateway is deleted automatically.

  1. On the NAT Gateway page, click the “More” button on the right-hand column of the NAT Gateway, and select the drop-down menu “Auto delete after” menu item to bring up the Auto delete after dialog box.
  2. Choose whether to check the expiration release option. After checking it, set the release time and click the “OK” button.
    • Click the Release Time input box to display the calendar and other contents. You can enter the date and time directly in the Release Time input box in the format yyyy-mm-dd hh:mm:ss, and click the “OK” button.
    • Select the date in the calendar box and click the Select Time button to jump to the Set Time page, then select the time and click the “OK” button.
    • You can also use the quick-selection buttons “1 hour”, “2 hours”, “3 hours”, “6 hours”, “1 day”, “2 days”, “1 week”. The release time will be set to the corresponding time range. Click the “OK” button.
  3. After the setting is completed, the billing method column will display information such as how much time is left before the NAT Gateway is released.
  4. If you no longer need the expiration release function, you can uncheck the expiration release in the expiration release dialog box before the release, and click the “OK” button.

Renewal

This function is used to perform the renewal operation for NAT Gateway with prepaid subscriptions.

  1. On the NAT Gateway page, click the “More” button on the right action bar of the NAT Gateway, select the drop-down menu “Renewal” menu item to bring up the renewal dialog.
  2. Select the renewal length and click “OK” button to complete the renewal operation.

Expired release Setting

This function is used to perform auto-renewal operation for NAT Gateway with prepaid subscriptions.

  1. On the NAT Gateway page, click the “More” button on the right action bar of the NAT Gateway, and select the drop-down menu “Automatic renewal settings” menu item to bring up the Automatic renewal settings dialog box.
  2. Expired release: Check Expired release and click “OK” button to set Expired release.
  3. Cancel Expired release: Uncheck Expired release and click “OK” button to cancel the auto-renewal.

Delete-Lock Setting

This function is used to set the deletion protection for NAT Gateway. NAT Gateway cannot be deleted when deletion protection is enabled for NAT Gateway; NAT Gateway can only be deleted when deletion protection is disabled for NAT Gateway.

NAT Gateway Setting Deletion Protection

  1. Disable Delete Protection.
    • When the right side of the NAT Gateway name is marked with icon, click the “More” button in the action bar on the right side of the NAT Gateway and select the drop-down menu “Delete-Lock Setting” menu item to bring up the Delete-Lock Setting dialog box.
    • Select “Disable” delete protection and click the “OK” button.
  2. Enable Delete Protection.
    • When the right side of the NAT Gateway name is not marked with icon, click the “More” button in the action bar on the right side of the NAT Gateway and select the drop-down menu “Delete-Lock Setting” menu item to bring up the Delete-Lock Setting dialog box.
    • Select “Enable” delete protection, and click “OK” button.

Set up batch delete protection

  1. Disable Delete Protection.
    • Check one or more NAT Gateway in the NAT Gateway list, click the “Batch Action” button at the top of the list, select the drop-down menu “Delete-Lock Setting” menu item to bring up the Delete-Lock Setting dialog box.
    • Select “Disable” delete protection and click the “OK” button to disable delete protection for NAT Gateway in bulk.
  2. Enable Delete Protection.
    • Check one or more NAT Gateway in the NAT Gateway list, click the “Batch Action” button at the top of the list, and select the drop-down menu “Delete-Lock Setting” menu item to bring up the Delete-Lock Setting dialog box.
    • Select “Enable” delete protection and click the “OK” button to enable delete protection for NAT Gateway in bulk.

Delete

This function is used to delete NAT Gateways. When the NAT Gateway name item has an icon on its right side, deletion protection is enabled for that NAT Gateway and it cannot be deleted.

Delete

  1. On the NAT Gateway page, click the “More” button in the operation column on the right side of the NAT Gateway, and select the drop-down menu “Delete” menu item to bring up the operation confirmation dialog.
  2. Click the “OK” button to complete the operation.

Batch Delete

  1. Select one or more NAT Gateway in the NAT Gateway list, click the “Delete” button at the top of the list, and the operation confirmation dialog box will pop up.
  2. Click the “OK” button to complete the operation.

View NAT gateway details

  1. In the NAT Gateway list, click the NAT Gateway Name item to enter the NAT Gateway Details page.
  2. View the following information.
    • Details: including Cloud ID, ID, name, status, domain, project, share scope, platform, billing method, region, availability zone, cloud account, cloud subscription, create at, update at, and description.
    • Configuration information: Including VPC, IP subnet, intranet IP address, and specification.
    • Other information: Supports turning the delete-lock on or off.

SNAT Management

This function requires an existing NAT gateway. By creating SNAT rules, it enables servers in the VPC on specified IP subnets to access the public network through the EIP. One IP subnet corresponds to one SNAT rule. If multiple IP subnets need to access the public network, you need to create multiple SNAT rules.

Create SNAT rule

  1. In the NAT Gateway list, click the NAT Gateway Name item to enter the NAT Gateway Details page.
  2. Click the SNAT tab to enter the SNAT page.
  3. Click the “Create” button at the top of the list to bring up the Create SNAT Entry dialog box.
  4. Configure the following information.
    • Name: Set the name of the SNAT entry.
    • Type: Includes IP subnet and virtual machine.
      • When “IP Subnet” is selected as the type, you need to select a specific IP subnet, and the virtual machines under this IP subnet can access the public network.
      • When you select “Virtual Machine” as the type, you need to select a specific virtual machine, and only that virtual machine can access the public network.
    • Public IP address: Select the elastic public IP address used to provide Internet access.
  5. Click the “OK” button to create the SNAT entry.

Delete SNAT entry

This function is used to delete SNAT entries.

Single Delete

  1. In the NAT gateway list, click the NAT gateway name item to enter the NAT gateway details page.
  2. Click the SNAT tab to enter the SNAT page.
  3. Click the “Delete” button in the operation column on the right of the SNAT entry to bring up the operation confirmation dialog box.
  4. Click the “OK” button to complete the operation.

Batch Delete

  1. In the NAT gateway list, click the NAT gateway name item to enter the NAT gateway details page.
  2. Click the SNAT tab to enter the SNAT page.
  3. Select one or more SNAT entries in the SNAT entries list, and click the “Delete” button at the top of the list to bring up the operation confirmation dialog box.
  4. Click the “OK” button to complete the operation.

DNAT Management

This function requires an existing NAT gateway. By creating DNAT rules, it enables servers inside the VPC to provide services to the Internet. One server binds one DNAT rule. If multiple servers need to provide services to the Internet, you need to create multiple DNAT rules.

Create DNAT entry

  1. In the NAT gateway list, click the NAT gateway name item to enter the NAT gateway details page.
  2. Click the DNAT tab to enter the DNAT page.
  3. Click the “Create” button at the top of the list to bring up the Create DNAT Entry dialog box.
  4. Set the following parameters.
    • Name: The name of the DNAT rule.
    • Public IP address: Select the unbound elastic public IP address.
    • Server: Select the server that provides Internet services.
    • Public port: The external port on which port forwarding is performed.
    • Private port: The internal port for port forwarding.
    • Protocol Type: The protocol type of the forwarding port.
  5. Click the “OK” button to create a DNAT rule.
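
Every DNAT rule publishes a private port to the Internet, so it is worth reviewing the entries after creating them. The following is an added example, not code from the platform: it checks a list of DNAT entries for sensitive services being exposed and for two entries claiming the same public IP, port and protocol. The dictionary keys mirror the dialog parameters above; the data layout, the port policy and the sample entries are assumptions.

```python
# Added example, not platform code. Keys mirror the Create DNAT Entry dialog;
# the dict layout and the port policy below are assumptions.
from collections import defaultdict

# Private ports that an assumed policy keeps off the Internet.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis"}


def audit_dnat(entries):
    """Return sorted (entry name, finding) tuples for a list of DNAT entries."""
    findings = []
    bindings = defaultdict(list)  # (public IP, public port, protocol) -> entry names
    for e in entries:
        proto = e["protocol"].lower()
        for field in ("public_port", "private_port"):
            if not 1 <= e[field] <= 65535:
                findings.append((e["name"], f"{field} {e[field]} is out of range"))
        # Judge exposure by the private port: remapping SSH to public port
        # 2222 still publishes SSH.
        service = SENSITIVE_PORTS.get(e["private_port"])
        if service and proto == "tcp":
            findings.append((e["name"], f"exposes {service} on {e['public_ip']}:{e['public_port']}"))
        bindings[(e["public_ip"], e["public_port"], proto)].append(e["name"])
    # Two entries cannot both own the same public IP, port and protocol.
    for (ip, port, proto), names in bindings.items():
        if len(names) > 1:
            findings.extend((n, f"duplicate binding {ip}:{port}/{proto}") for n in names)
    return sorted(findings)


# Constructed sample entries (documentation address range, hypothetical servers).
SAMPLE = [
    {"name": "web", "public_ip": "203.0.113.10", "server": "vm-web",
     "public_port": 443, "private_port": 8443, "protocol": "TCP"},
    {"name": "ssh-alt", "public_ip": "203.0.113.10", "server": "vm-web",
     "public_port": 2222, "private_port": 22, "protocol": "tcp"},
    {"name": "web-dup", "public_ip": "203.0.113.10", "server": "vm-api",
     "public_port": 443, "private_port": 8080, "protocol": "tcp"},
]

if __name__ == "__main__":
    for name, finding in audit_dnat(SAMPLE):
        print(f"{name}: {finding}")
```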

Delete a DNAT entry

This function is used to delete DNAT entries.

Single Delete

  1. In the NAT gateway list, click the NAT gateway name item to enter the NAT gateway details page.
  2. Click the DNAT tab to enter the DNAT page.
  3. Click the “Delete” button in the action column on the right of the DNAT entry to bring up the action confirmation dialog box.
  4. Click the “OK” button to complete the operation.

Batch Delete

  1. In the NAT gateway list, click the NAT gateway name item to enter the NAT gateway details page.
  2. Click the DNAT tab to enter the DNAT page.
  3. Select one or more DNAT entries in the DNAT entries list, and click the “Delete” button at the top of the list to bring up the operation confirmation dialog box.
  4. Click the “OK” button to complete the operation.

View Operation Log

This function is used to view the log information of NAT gateway related operations.

  1. In the NAT gateway list, click the NAT gateway name item to enter the NAT gateway details page.
  2. Click the Operation Log tab to enter the Operation Log page.
    • Load More Logs: The Operation Log page shows 20 operation logs by default. To view more operation logs, click the “Load More” button.
    • View Log Details: Click the “View” button on the right column of the operation log to view the log details. Copying the details is supported.
    • View logs of specified time period: To view the operation logs of a certain time period, set the start date and end date at the top right of the list to query the log information for that period.
    • Export logs: Currently, only the logs displayed on this page can be exported. Click the icon in the upper-right corner, set the export data columns in the pop-up export data dialog, and click the “OK” button to export the logs.