
NAT Gateway

NAT Gateway is an enterprise-level VPC public network gateway that allows cloud resources in a subnet that have no elastic IP bound to access the external network. It can also be configured with port forwarding rules so that cloud resources can provide services to the external network.

Create NAT Gateway

  • Log in to the console, select "Private Network VPC" in [products and services], enter the private network page, and choose the NAT Gateway tab.
  • Click 'Create NAT Gateway'; a new window will pop up.
  • In the new window, select the VPC and subnet, select 'Normal Mode' for the external network mode, select the external network IP, bandwidth and firewall required by the NAT Gateway, and then click 'OK'.

  • After creation, you can see the information of NAT Gateway in the list.

  • After the NAT Gateway is created, specify the cloud resources in the subnet that have no elastic IP bound; they can then use the NAT Gateway to access the external network.

Whitelist Mode

NAT Gateway also provides whitelist mode.

In whitelist mode, only the cloud resources specified in NAT Gateway and defined in the whitelist can access the external network through the NAT Gateway.

  • When creating a NAT Gateway, select 'Whitelist Mode'; the rest is the same as for 'Normal Mode'.

  • A newly created NAT Gateway has an empty whitelist, so none of the cloud resources can access the external network until the whitelist is configured. Click the 'Manage' button in the list to enter the NAT Gateway details page.

  • Click the 'Mode Management' tab to manage the whitelist.
  • Click 'Add Whitelist' to add the desired primary resources.
  • After you click 'OK', the whitelist takes effect and the cloud resources on the whitelist can access the external network.

Port Forwarding

Configure port forwarding to allow a port on a cloud resource to be accessed from the external network, so that the resource can provide services or be managed.

  • On the NAT Gateway details page, switch to the 'Port Forwarding' tab.
  • Click 'Add Forwarding Rule' to add new rules.
  • Click the 'Modify' button to modify existing rules.

  • Click the 'Delete' button to delete existing rules.

Egress Rules

Configure egress rules to specify that a single cloud resource in the subnet uses a particular elastic IP to access the external network, or that all cloud resources access the external network via load balancing or a fixed EIP.

On the NAT Gateway details page, switch to the 'External Elastic IP' tab. In the "External Elastic IP" module, you can manage the elastic IPs bound to the NAT Gateway:

  • Click the "Binding" button to bind an elastic IP that has not yet been bound to this NAT Gateway.
  • Click the "Unbind" button to unbind an elastic IP currently bound to the NAT Gateway.
  • Click the "Change Bandwidth" button to adjust the bandwidth limit of the current elastic IP.

In the "Egress Rules" module, you can manage the egress of the NAT Gateway.

  • There is a "default egress rule" by default, which records the default gateway of this NAT Gateway. It can be modified through the "Edit" button, but it cannot be deleted. The default egress rule has the lowest priority.
  • When the NAT's default egress rule is set to load balancing mode, outbound traffic is allocated according to a hash algorithm. Updating the EIPs does not affect existing connections; new connections are evenly distributed according to the current number of EIPs.
  • Click the "Edit" button to add egress rules; you can specify the egress for a single cloud resource.
  • After a rule has been added successfully, you can modify it. For the default rule, the target IP (i.e., the egress IP) can be modified. For other egress rules, the name and the target IP can be modified.
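
The egress decision described above, modeled in Python as an added example (not SurferCloud code): Whitelist Mode gating, per-resource rules outranking the default rule, and load-balanced placement that leaves existing connections alone when the EIP set changes. It helps work out which public source IPs a resource can appear from in downstream logs and allowlists. The class and method names, the sample addresses, and the use of SHA-256 over the connection 4-tuple are assumptions; the page does not specify the gateway's hash.

```python
import hashlib

class NatGatewayModel:
    """Simplified model of the egress behaviour described on this page."""

    def __init__(self, eips, whitelist=None):
        self.eips = list(eips)      # EIPs used by the default rule (load balancing mode)
        self.whitelist = whitelist  # None = Normal Mode, a set = Whitelist Mode
        self.rules = {}             # per-resource egress rules: private IP -> EIP
        self.conntrack = {}         # established connection -> EIP already chosen

    def add_rule(self, private_ip, eip):
        self.rules[private_ip] = eip

    def set_eips(self, eips):
        # An EIP update only changes where NEW connections are placed.
        self.eips = list(eips)

    def allowed(self, src_ip):
        return self.whitelist is None or src_ip in self.whitelist

    def egress_ip(self, src_ip, src_port, dst_ip, dst_port):
        """Return the EIP a connection leaves from, or None if it is blocked."""
        if not self.allowed(src_ip):
            return None                      # Whitelist Mode: unlisted resource
        conn = (src_ip, src_port, dst_ip, dst_port)
        if conn in self.conntrack:
            return self.conntrack[conn]      # existing connection keeps its EIP
        if src_ip in self.rules:
            eip = self.rules[src_ip]         # specific rule outranks the default
        else:
            # Assumption: SHA-256 of the 4-tuple stands in for the gateway's hash.
            digest = hashlib.sha256(repr(conn).encode()).digest()
            eip = self.eips[int.from_bytes(digest[:8], "big") % len(self.eips)]
        self.conntrack[conn] = eip
        return eip

    def possible_source_ips(self, src_ip):
        """Public IPs that NEW connections from src_ip can appear from."""
        if not self.allowed(src_ip):
            return set()
        return {self.rules[src_ip]} if src_ip in self.rules else set(self.eips)

# Constructed sample: documentation address ranges, not real infrastructure.
gw = NatGatewayModel(["203.0.113.10", "203.0.113.11"], whitelist={"10.0.0.5", "10.0.0.6"})
gw.add_rule("10.0.0.5", "203.0.113.10")
```

`possible_source_ips` gives the set to allowlist or attribute for new connections; connections opened before an EIP change can still appear from the earlier address until they close.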

Hybrid Cloud (Hosted Cloud) Using NAT

The public network exit of the Hosted Cloud supports only one of NAT or a Hosted external network IP. To connect to the public network via NAT, follow these steps:

Step 1: The default route of the Hosted machine points to the internal network CE.

Step 2: Contact after-sales consultation or the architect; the SurferCloud engineer adds routes to the internal network gateway and upgrades the Hosted gateway to UXR (some gateways have already been upgraded to UXR; during the upgrade, traffic between the Hosted and public clouds will experience jitter lasting on the order of seconds).

Step 3: Users create a NAT instance on the NAT page, and the corresponding VPC is "Hosted Cloud VPC".

Currently, only North China One, Shanghai Two, Guangzhou, Hong Kong, and Singapore are supported.

Copyright © 2024 SurferCloud All Rights Reserved