The Network Address Translation (NAT) gateway allows VMs inside a Virtual Data Center (VDC) to access the Internet without requiring a public network interface. The NAT gateway can act as a default gateway for private networks. This allows VMs to initiate connections to the Internet and receive a response, but not to receive inbound connections initiated from the Internet. VMs are “hidden” from the Internet and thereby are not exposed to Internet threats.
Using a NAT gateway increases security, simplifies the VDC architecture, and requires only one public IP address; it is also a fully managed service. A NAT gateway can be used to connect private VMs to public repositories, for software updates, or to NTP (Network Time Protocol) servers. Alternatively, you can use the IONOS Backup Service for private VMs. In this case, the VM does not need to publish any service to the Internet, but only needs to consume services from the Internet.

Specifications of the NAT gateway are as follows:
  • Supports TCP, UDP, ICMP, and up to six private networks per NAT gateway.
  • Multiple public IP addresses and SNAT rules per NAT gateway.
  • Multiple NAT gateways per VDC.
  • The default resource limit is five NAT gateways per account. If more are required, please contact our support.

The routing table must be modified for private VMs to send traffic to the NAT gateway. The default route must point to the NAT gateway or, if this is not possible, a dedicated route must be created for every service or target to be consumed from the Internet.
If a VM whose default route points to the SourceNAT gateway requires DNS, you must ensure that proper SNAT rules for UDP are in place. Failing to do so may result in default DNS resolution not working.
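A pre-flight check for the two routing conditions above, as an added example that is not IONOS code: it takes the VM's `ip route` output and a list of SNAT rules and reports whether a destination is routed through the NAT gateway and covered by a rule for the protocol in use. The `SnatRule` fields are a simplified model with assumed names, and all addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class SnatRule:
    # Simplified rule model; field names are assumptions for this example.
    protocol: str                      # "TCP", "UDP", "ICMP" or "ALL"
    source_subnet: str                 # private subnet whose traffic is translated
    target_subnet: str = "0.0.0.0/0"   # destinations the rule applies to

def parse_routes(ip_route_output):
    """Turn `ip route` text into (network, next_hop) pairs; on-link routes get None."""
    routes = []
    for line in ip_route_output.strip().splitlines():
        fields = line.split()
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        hop = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((ipaddress.ip_network(dest), hop))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match, the same selection the VM's kernel makes."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in routes if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def snat_covers(rules, vm_ip, dst, protocol):
    src, target = ipaddress.ip_address(vm_ip), ipaddress.ip_address(dst)
    return any(r.protocol in (protocol, "ALL")
               and src in ipaddress.ip_network(r.source_subnet)
               and target in ipaddress.ip_network(r.target_subnet)
               for r in rules)

def check(routes_text, nat_gw_ip, rules, vm_ip, dst, protocol):
    """Report whether vm_ip can reach dst over protocol through the NAT gateway."""
    if next_hop(parse_routes(routes_text), dst) != nat_gw_ip:
        return "no route via NAT gateway"
    if not snat_covers(rules, vm_ip, dst, protocol):
        return f"routed, but no {protocol} SNAT rule"
    return "ok"

# Constructed sample data: VM 10.0.1.10, NAT gateway 10.0.1.1, resolver 203.0.113.53.
DEFAULT_ROUTE = """default via 10.0.1.1 dev eth0
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.10"""
DEDICATED_ROUTE = """198.51.100.7 via 10.0.1.1 dev eth0
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.10"""
TCP_ONLY = [SnatRule("TCP", "10.0.1.0/24")]

if __name__ == "__main__":
    print(check(DEFAULT_ROUTE, "10.0.1.1", TCP_ONLY, "10.0.1.10", "203.0.113.53", "UDP"))
    print(check(DEDICATED_ROUTE, "10.0.1.1", TCP_ONLY, "10.0.1.10", "203.0.113.53", "UDP"))
```

The first call shows the DNS failure mode described above (default route present, UDP rule missing); the second shows a VM with only a dedicated route, where the resolver is not routed through the gateway at all.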