What Is NAT Gateway?

Public NAT gateways are used to provide NAT.

Public NAT Gateways

A public NAT gateway enables cloud and on-premises servers in a private subnet to access the Internet or provide services accessible from the Internet. Cloud servers are ECSs in a VPC. On-premises servers are servers in on-premises data centers that connect to a VPC through Direct Connect or Virtual Private Network (VPN). A public NAT gateway supports up to 20 Gbit/s of bandwidth.

Public NAT gateways offer source NAT (SNAT) and destination NAT (DNAT).

  • SNAT translates private IP addresses into elastic IP addresses (EIPs), allowing traffic from a private network to go out to the Internet.

    Figure 1 shows how an SNAT rule works.

    **Figure 1** NAT gateway with an SNAT rule

    Figure 1 NAT gateway with an SNAT rule

  • DNAT enables multiple servers within an AZ or across multiple AZs in a VPC to share EIPs to provide services accessible from the Internet. With an EIP, a NAT gateway forwards the Internet requests from only a specific port and over a specific protocol to a specific port of a server, or it can forward all requests to the server regardless of which port they originated on.

    Figure 2 shows how a DNAT rule works.

    **Figure 2** NAT gateway with a DNAT rule

    Figure 2 NAT gateway with a DNAT rule

How Do I Access the NAT Gateway Service?

You can access the NAT Gateway service through the management console or using HTTPS-based APIs.

  • Management console

    Log in to the management console and choose NAT Gateway from the service list to perform operations on the NAT gateway.

  • APIs

    Use APIs if you need to integrate NAT Gateway into your own system solution. For details, see the NAT Gateway API Reference.