Configure a NAT Gateway
Last updated
Last updated
Prerequisites: Make sure you have the appropriate permissions. Only contract owners, administrators, or users with the Create Internet Access permission can set up a NAT gateway. Other user types have read-only access and can't provision changes.
Create a private network containing at least one VM.
Add a NAT gateway. Connect the interface (source network) of the NAT gateway to the private network containing your VM.
Set the properties of the NAT gateway by selecting the element in the Workspace and opening its properties in the Inspector pane > Settings. Enter the name of the NAT gateway and add a public IP address from the list of reserved IP addresses. Multiple addresses can be added.
To edit the private IP address of the NAT gateway, open the Gateway IPs. After the first provisioning, the current IP address is displayed. To change the IP address, delete the existing IP address by selecting the dropdown button next to the IP address and select Remove IP. Then select the Add IP and enter a new IP address.
Configure NAT Rules in the tab on the right. You must provision the NAT gateway before you can configure the NAT rules.
Click Create SNAT Rule and set the required properties.
Enter the name of the NAT rule.
Select TCP, UDP, ICMP, or ANY in Protocol.
Source: In Public IP, select one of the public IPs that was assigned to the NAT gateway. This specifies the address used for masking outgoing packets source address field.
Source: In Subnet, enter an individual IP address or a complete subnet (in CIDR notation e.g. 10.10.10.0/24) of the VM or network for which NAT rules are created.
Target: In Subnet, enter an individual IP address or a complete subnet (in CIDR notation e.g. 8.8.8.0/24) if you want to restrict Internet access to only that target.
(Optional) In Target, Port range, enter a start and end port range if you want to restrict Internet access to only that port or ports on the target. For example, if you want to limit your private VMs to only access the Google DNS server you could enter 8.8.8.8/32 as the target subnet and 53 as the start and end port range. Port ranges are only applicable to protocol TCP and UDP.
Click Create to persist your changes.
(Optional) Make further changes to your data center.
Provision your changes.
You must configure the Gateway IP as the route to your guest OS. Add a static route inside your VM using the IP address of the NAT gateway. This is not injected into the VM because there is no auto-configuration that ensures that the VM is using the NAT gateway IP as the default route.
