AI Model Hub for free till June 30, 2025.
Try now
Test nowLog inShare Feedback

Configure a NAT Gateway

Prerequisites: Make sure you have the appropriate permissions. Only contract owners, administrators, or users with the Create Internet Access permission can set up a NAT gateway. Other user types have read-only access and can't provision changes.

Procedure

1. In the DCD, go to Menu > Virtual Data Centers.

2. Select the data center where you want to configure a NAT gateway.

Select a Virtual Data Center (VDC)

3. Create a private network containing at least one VM.

4. Add a NAT Gateway. Connect the interface (source network) of the NAT gateway to the private network containing your VM.

5. Set the properties of the NAT gateway by selecting the element in the Workspace and opening its properties in the Inspector pane > Settings tab. Enter the name of the NAT gateway and add a public IP address from the list of reserved IP addresses. Multiple addresses can be added.

Configure Gateway IP addresses

6. To edit the private IP address of the NAT gateway, open the Gateway IPs tab. After the first provisioning, the current IP address is displayed. To change the IP address: a. Select Remove IP from the drop-down list next to the current IP address to delete it. b. Next, select Add IP and enter a new IP address.

Configure Gateway IP addresses

7. Configure NAT Rules in the tab on the right. You must provision the NAT gateway before you can configure the NAT rules.

Configuration of NAT Rules

Select Create SNAT Rule and set the required properties.

  • Enter the name of the NAT rule.

  • Select TCP, UDP, ICMP, or ANY in Protocol.

  • Source: In Public IP, select one of the public IP addresses assigned to the NAT gateway. This address specifies the masking of the outgoing packets' source address field.

  • Source: In Subnet, enter an individual IP address or a complete subnet (in a CIDR notation. Example: 10.10.10.0/24) of the VM or network for which NAT rules are created.

  • Target: In Subnet, enter an individual IP address or a complete subnet (in a CIDR notation. Example: 8.8.8.0/24) if you want to restrict Internet access to only that target.

  • (Optional) In Target, Port range, enter a start and end port range if you want to restrict Internet access to only that port or ports on the target. For example, if you want to limit your private VMs to only access the Google DNS server you could enter 8.8.8.8/32 as the target subnet and 53 as the start and end port range. Port ranges are only applicable to protocol TCP and UDP.

  • Click Create to save your changes.

  • (Optional) Make further changes to your data center.

8. Provision your changes.

Info: You must configure the Gateway IP as the route to your guest OS. Add a static route inside your VM using the IP address of the NAT gateway. This is not injected into the VM because there is no auto-configuration that ensures that the VM is using the NAT gateway IP address as the default route.

PreviousOverviewNextManaged Network Load Balancer

Last updated

Was this helpful?