Access the Internet through SNAT

<p>This article describes how to enable ECS instances in the VPC to access the Internet through the SNAT function of the NAT gateway.</p> <p><strong><span style="font-size:18px">Prerequisites</span></strong></p> <p>&bull;&nbsp;You have successfully purchased a VPC, and created a DMZ network domain and subnet. For more information, see <a href="https://yun.pingan.com/ssr/help/network/vpc/quick_start.cvcti" target="_blank">Quick Start</a> of VPC.</p> <p>&bull;&nbsp;You have already purchased an ECS instance in the subnet of the DMZ network domain of the VPC.</p> <p><strong><span style="font-size:18px">Limitations</span></strong></p> <p>&bull;&nbsp;You can apply for a maximum of five public IP addresses for one bandwidth package.</p> <p>&bull;&nbsp;The maximum bandwidth is 200 Mbps. If you want to purchase a bandwidth package with a size of more than 200 Mbps, submit a ticket to apply for it.</p> <p><strong><span style="font-size:18px">Step 1: Create a NAT Gateway</span></strong></p> <p>1.&nbsp;Log in to the <a href="https://www.pinganyun.com/console/vpc/overview" target="_blank">VPC Console</a>.</p> <p>2. Click <strong>NAT Gateway</strong> in the left navigation pane to enter the <strong>NAT Gateway</strong> page.</p> <p>3. 
Click <strong>Create</strong> in the upper-right corner to enter the <strong>Create NAT Gateway</strong> page.</p> <p>4.&nbsp;Create a NAT gateway based on the following information.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707115207-1806430b9ca2.png" style="height:361px; width:830px" /></p> <p><strong>Configuration Service</strong></p> <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:161px"> <p><strong>Configuration item</strong></p> </td> <td style="background-color:#ededed; vertical-align:top; width:622px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:161px"> <p>Region</p> </td> <td style="vertical-align:top; width:622px"> <p>Select the region of the VPC in which to create the NAT gateway.</p> </td> </tr> <tr> <td style="width:161px"> <p>VPC</p> </td> <td style="vertical-align:top; width:622px"> <p>Select the VPC that the NAT gateway belongs to.</p> </td> </tr> <tr> <td style="width:161px"> <p>Specification</p> </td> <td style="vertical-align:top; width:622px"> <p>Select the specification for the NAT gateway. Currently, the NAT gateway has small and medium specifications, which are priced differently. 
For more information, see <a href="https://yun.pingan.com/ssr/help/network/NAT_Gateway/Product_Profile.spec" target="_blank">Specifications</a> and <a href="https://yun.pingan.com/ssr/help/network/NAT_Gateway/buy.Price" target="_blank">Billing Overview</a>.</p> </td> </tr> <tr> <td style="width:161px"> <p>Billing method</p> </td> <td style="vertical-align:top; width:622px"> <p>Currently, the NAT gateway is charged by hour.</p> </td> </tr> <tr> <td style="width:161px"> <p>Description</p> </td> <td style="vertical-align:top; width:622px"> <p>Enter the custom descriptive name of the NAT gateway.</p> </td> </tr> </tbody> </table> <p>5.&nbsp;Click <strong>Purchase</strong> to enter the <strong>Order Confirmation</strong> page.</p> <p>6.&nbsp;Click <strong>CONFIRM OPEN</strong> to enter the <strong>Payment Result</strong> page.</p> <p>7.&nbsp;Click <strong>MANAGE CONSOLE</strong> to return to the <strong>NAT Gateway</strong> page.</p> <p><strong><span style="font-size:18px">Step 2: Create a Bandwidth Package</span></strong></p> <p>1.&nbsp;Click the name of the NAT gateway created in Step 1 to enter the <strong>NAT Detail</strong> page.</p> <p>2.&nbsp;Click the <strong>Bandwidth</strong> tab.</p> <p>3.&nbsp;On the <strong>Bandwidth</strong> tab, click <strong>Create</strong> in the upper-right corner to enter the <strong>Create Broadband</strong> page.</p> <p>4.&nbsp;Create broadband based on the following information.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707115234-1d9b82859b90.png" style="height:382px; width:719px" /></p> <p><strong>Basic Information</strong></p> <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:175px"> <p><strong>Configuration item</strong></p> </td> <td style="background-color:#ededed; vertical-align:top; width:608px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:175px"> <p>ISP</p> </td> <td style="vertical-align:top; 
width:608px"> <p>Select the Internet service provider.</p> <p>Remarks: The BGP carrier link went online on April 29th, 2020. Its launch does not affect existing users who have already purchased the MAN carrier link, including their continued use and new purchases. Users who have not purchased a NAT gateway bandwidth package on the MAN carrier can purchase only the BGP carrier link.</p> </td> </tr> <tr> <td style="width:175px"> <p>Total bandwidth</p> </td> <td style="vertical-align:top; width:608px"> <p>Select the bandwidth in the range of 1 to 200. The bandwidth package is billed based on the size.</p> </td> </tr> <tr> <td style="width:175px"> <p>Billing method</p> </td> <td style="vertical-align:top; width:608px"> <p>Currently, the bandwidth package is charged by hour.</p> </td> </tr> <tr> <td style="width:175px"> <p>Internet IP amount</p> </td> <td style="vertical-align:top; width:608px"> <p>Select the number of public IP addresses in the range of one to five.</p> </td> </tr> </tbody> </table> <p>5.&nbsp;Click <strong>Purchase</strong> to enter the <strong>Order Confirmation</strong> page.</p> <p>6.&nbsp;Click <strong>CONFIRM OPEN</strong> to enter the <strong>Payment Result</strong> page.</p> <p>7.&nbsp;Click <strong>MANAGE CONSOLE</strong> to return to the <strong>NAT Gateway</strong> page.</p> <p><strong><span style="font-size:18px">Step 3: Create an SNAT Rule</span></strong></p> <p>1. Click the name of the NAT gateway created in Step 1 to enter the <strong>NAT Detail</strong> page.</p> <p>2.&nbsp;Click the <strong>SNAT Rule </strong>tab.</p> <p>3. 
Click <strong>Create</strong> in the upper-right corner to enter the <strong>Create SNAT Rule</strong> page.</p> <p>4.&nbsp;Create an SNAT rule based on the following information.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707115302-1434153a9caa.png" style="height:438px; width:543px" /></p> <p><strong>Basic Information</strong></p> <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:176px"> <p><strong>Configuration item</strong></p> </td> <td style="background-color:#ededed; vertical-align:top; width:607px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:176px"> <p>Source CIDR</p> </td> <td style="vertical-align:top; width:607px"> <p>Select the source CIDR.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707115453-12653d9c90f3.png" style="height:23px; margin:1px; width:50px" />: The source CIDR is the subnet IP address of the DMZ network domain of the VPC that the NAT gateway belongs to. 
Once the SNAT rule is created, all ECS instances in the subnet can access the Internet.</p> </td> </tr> <tr> <td style="width:176px"> <p>Internet IP</p> </td> <td style="vertical-align:top; width:607px"> <p>Select one or multiple public IP addresses.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707115453-12653d9c90f3.png" style="height:23px; margin:1px; width:50px" />: The public IP selected here is the public IP applied for in Step 2.</p> </td> </tr> </tbody> </table> <p>5.&nbsp;Click <strong>Create</strong> to return to the <strong>SNAT Rule </strong>tab, where you can view the newly created SNAT rule.</p> <p><strong><span style="font-size:18px">Step 4: Configure a Security Group</span></strong></p> <p>1.&nbsp;Log in to the <a href="https://yun.pingan.com/console/ecs/overview" target="_blank">ECS Console</a>.</p> <p>2.&nbsp;In the left navigation pane, click <strong>Networks</strong> &gt; <strong>Security Group</strong> to enter the <strong>Security Group</strong> page.</p> <p>3.&nbsp;Click <strong>Create</strong> in the upper-right corner to open the <strong>Create Security Group</strong> dialog box.</p> <p>4.&nbsp;Select the VPC and DMZ network domain which the NAT gateway belongs to, and click <strong>Confirm</strong> to create a security group.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707115349-120d017a91ee.png" style="height:309px; width:767px" /></p> <p>5.&nbsp;Click the name of the security group created to enter the <strong>Security Group Information</strong> page.</p> <p>6.&nbsp;On the <strong>ECS</strong> <strong>Instance</strong> tab, click <strong>Add</strong> in the upper-right corner, and the <strong>Binding </strong>dialog box will open.</p> <p>7. 
Select the ECS instance that needs to access the Internet, and click <strong>Confirm</strong> to add the ECS instance to the security group.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707115410-1e89213398ca.png" style="height:328px; width:830px" /></p> <p>8.&nbsp;Click the <strong>Security Group Rules</strong> tab, and click <strong>Create</strong> in the upper-right corner on the tab. The <strong>Create Security Group Rules</strong> dialog box will open.</p> <p>9.&nbsp;Create a security group rule based on the following information.</p> <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:172px"> <p><strong>Configuration item</strong></p> </td> <td style="background-color:#ededed; vertical-align:top; width:610px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:172px"> <p><strong>Rules direction</strong></p> </td> <td style="vertical-align:top; width:610px"> <p>Select OUT as the direction of the security group rule. OUT allows instances in the security group to access the authorized IP address.</p> </td> </tr> <tr> <td style="width:172px"> <p><strong>Protocol type</strong></p> </td> <td style="vertical-align:top; width:610px"> <p>Select the type of network protocol. Currently TCP, UDP, and ICMP are supported.</p> </td> </tr> <tr> <td style="width:172px"> <p><strong>Port range</strong></p> </td> <td style="vertical-align:top; width:610px"> <p>If the protocol type is TCP or UDP, enter the port range. 
The value range for the port is 1 to 65535.</p> </td> </tr> <tr> <td style="width:172px"> <p><strong>Authorize IP</strong></p> </td> <td style="vertical-align:top; width:610px"> <p>Enter the authorized IP address.</p> </td> </tr> <tr> <td style="width:172px"> <p><strong>Description</strong></p> </td> <td style="vertical-align:top; width:610px"> <p>Customize the description of the security group rule.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707115453-12653d9c90f3.png" style="height:23px; margin:1px; width:50px" /><strong>:</strong> A maximum of 50 characters.</p> </td> </tr> </tbody> </table> <p>10. Click <strong>Confirm</strong>, and you will see an&nbsp;<strong>Operation succeeded&nbsp;</strong>message at the bottom of the page.</p>
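<p>The following added example, which is not part of the original article or the provider's tooling, checks planned OUT rules against the field limits in Step 4 and reports whether a given outbound flow is covered by both the SNAT source CIDR from Step 3 and an OUT rule. The rule dictionary layout, the function names, the sample addresses, and the assumption that unmatched egress is denied are all hypothetical.</p>

```python
import ipaddress

PROTOCOLS = {"TCP", "UDP", "ICMP"}  # protocol types listed in Step 4
MAX_DESCRIPTION = 50                # description limit from Step 4

def review_out_rule(rule):
    """Return findings for one OUT rule (hypothetical dict layout)."""
    findings = []
    if rule["protocol"] not in PROTOCOLS:
        findings.append("error: unsupported protocol")
    elif rule["protocol"] != "ICMP":
        low, high = rule["ports"]
        if not 1 <= low <= high <= 65535:
            findings.append("error: port range outside 1-65535")
        elif (low, high) == (1, 65535):
            findings.append("warn: all ports allowed")
    try:
        net = ipaddress.ip_network(rule["authorize_ip"], strict=False)
        if net.prefixlen == 0:
            findings.append("warn: any destination allowed")
    except ValueError:
        findings.append("error: authorized IP is not an address or CIDR")
    if len(rule.get("description", "")) > MAX_DESCRIPTION:
        findings.append("error: description over 50 characters")
    return findings

def egress_verdict(instance_ip, snat_cidr, rules, dest_ip, protocol, port=None):
    """Check a flow against the SNAT source CIDR, then the OUT rules
    (assumption: egress that matches no OUT rule is denied)."""
    if ipaddress.ip_address(instance_ip) not in ipaddress.ip_network(snat_cidr):
        return "blocked: instance outside SNAT source CIDR"
    dest = ipaddress.ip_address(dest_ip)
    for rule in rules:
        if any(f.startswith("error") for f in review_out_rule(rule)):
            continue  # malformed rules never match
        net = ipaddress.ip_network(rule["authorize_ip"], strict=False)
        if rule["protocol"] != protocol or dest not in net:
            continue
        if protocol == "ICMP" or rule["ports"][0] <= port <= rule["ports"][1]:
            return "allowed: " + rule.get("description", "")
    return "blocked: no matching OUT rule"

# Constructed sample data (private and documentation ranges, not from the page).
SNAT_CIDR = "10.0.1.0/24"
RULES = [
    {"protocol": "TCP", "ports": (443, 443), "authorize_ip": "203.0.113.0/24",
     "description": "HTTPS to update mirror"},
    {"protocol": "UDP", "ports": (1, 65535), "authorize_ip": "0.0.0.0/0",
     "description": "temporary"},
]
```

<p>Because the SNAT rule applies to every ECS instance in the source subnet, narrow OUT rules such as the first sample rule are what limit where those instances can connect; the second sample rule is flagged for allowing all ports to any destination.</p>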