<p><strong><span style="font-size:18px">What is the difference between the NAT gateway and the IGW?</span></strong></p> <p>IGW (Internet Gateway) is the Internet access service provided for the Ping An Cloud users in East China region. Users in regions other than East China can access the Internet through the NAT gateway.</p> <p>IGW integrates functions of DNAT and policy, while NAT gateway can only translate IP addresses. The policy function is featured in products including the security group and firewall, which are more standardized. When you use the NAT gateway, you need to integrate the NAT gateway with the security group to ensure the security of the Internet access.</p> <p><strong><span style="font-size:18px">How many NAT gateways can I create?</span></strong></p> <p>Users can create only one NAT gateway for each VPC.</p> <p><strong><span style="font-size:18px">What Internet access modes does NAT gateway support?</span></strong></p> <p>NAT gateway supports three modes to access the Internet, including the SNAT, the IP mapping of DNAT, and the port mapping of DNAT.</p> <p><strong><span style="font-size:18px">What are the differences between the three access modes of the NAT gateway?</span></strong></p> <p>&bull;&nbsp;<strong>SNAT</strong>: It is initiated by the private IP to enable shared IP addresses on the intranet to access the Internet. It only provides active access to the Internet, rather than providing external services to the Internet.</p> <p>&bull;&nbsp;<strong>IP mapping of DNAT</strong>: It provides active and passive access ability to the Internet. The access request to the Internet can be initiated from both the ECS in the VPC and the Internet client. But you cannot save public IP addresses by using this method.</p> <p>&bull;&nbsp;<strong>Port mapping of DNAT</strong>: Its connection is initiated by external addresses, and it is mainly used for the external release of the intranet service. It only provides passive access to the Internet, rather than providing active access to the Internet.</p> <p><strong><span style="font-size:18px">Can I configure DNAT and SNAT rules at the same time for one public IP?</span></strong></p> <p>No, you cannot.</p> <p><strong><span style="font-size:18px">If one ECS instance has both SNAT rule and DNAT rule configurations, which one should be given priority?</span></strong></p> <p>DNAT rules should be given priority.</p> <p><strong><span style="font-size:18px">Why cannot I communicate to the Internet after configuring SNAT and DNAT rules for the NAT gateway?</span></strong></p> <p>After configuring SNAT and DNAT rules, you still need to configure the security group, and select the IN or OUT direction of the security group rule. In that way, you can realize the communication between ECSs in the VPC and the Internet.</p>