/ DOCS
nav-img
Advanced

Creating a DNAT Rule

Function

This API is used to create a DNAT rule.

Note

You can create a DNAT rule only when status of the NAT gateway is set to ACTIVE and admin_state_up of the NAT gateway administrator to True. Specify either port_id or private_ip at a time. If you are going to create a DNAT rule that allows traffic to and from all ports of a server and an EIP, set internal_service_port to 0, external_service_port to 0, and protocol to any.

URI

POST /v2/{project_id}/dnat_rules

Table 1 Parameter description

Parameter

Mandatory

Type

Description

project_id

Yes

String

Specifies the project ID.

Request

Table 2 lists the request parameter.

Table 2 Request parameter

Parameter

Mandatory

Type

Description

dnat_rule

Yes

Object

Specifies the DNAT rule object. For details, see Table 3.

Table 3 Description of the dnat_rule field

Parameter

Mandatory

Type

Description

nat_gateway_id

Yes

String

Specifies the NAT gateway ID.

port_id

No

String

Specifies the port ID of the server. Either this parameter or private_ip must be specified.

private_ip

No

String

Specifies the private IP address of a user, for example, the IP address of a VPC connected by a Direct Connect connection. You can specify either this parameter or port_id.

internal_service_port

Yes

Integer

Specifies the port used by servers to provide services accessible from the Internet.

The value ranges from 0 to 65535.

floating_ip_id

Yes

String

Specifies the EIP ID.

external_service_port

Yes

Integer

Specifies the port for providing services for external systems.

The value ranges from 0 to 65535.

protocol

Yes

String

Specifies the protocol.

Its value can be tcp (6), udp (17), or any (0).

description

No

String

Provides supplementary information about the DNAT rule.

internal_service_port_range

No

String

Specifies the port range used by the server for providing services for external systems.

  • The number of ports must be the same as that of external _service_port_range.
  • The value ranges from 1 to 65535.
  • Specify two port numbers connected by a single hyphen (-) and no blank spaces in the x-y format, where x is lower than y.

external_service_port_range

No

String

Specifies the port range used by the floating IP address for providing services for external systems.

  • The number of ports must be same as that of internal _service_port_range.
  • The value ranges from 1 to 65535.
  • Specify two port numbers connected by a single hyphen (-) and no blank spaces in the x-y format, where x is lower than y.

Response

Table 4 lists response parameter.

Table 4 Response parameter

Parameter

Type

Description

dnat_rule

Object

Specifies the DNAT rule object. For details, see Table 5.

Table 5 Description of the dnat_rule field

Parameter

Type

Description

id

String

Specifies the DNAT rule ID.

tenant_id

String

Specifies the project ID.

nat_gateway_id

String

Specifies the NAT gateway ID.

port_id

String

Specifies the port ID of the server. Either this parameter or private_ip must be specified.

private_ip

String

Specifies the private IP address of a user, for example, the IP address of a VPC connected by a Direct Connect connection.

internal_service_port

Integer

Specifies the port used by servers to provide services accessible from the Internet.

floating_ip_id

String

Specifies the EIP ID.

floating_ip_address

String

Specifies the EIP address.

external_service_port

Integer

Specifies the port for providing services for external systems.

protocol

String

Specifies the protocol.

Its value can be tcp (6), udp (17), or any (0).

description

String

Provides supplementary information about the DNAT rule.

status

String

  • Specifies the status of the DNAT rule.
  • For details about all its values, see Table 1.

admin_state_up

Boolean

  • Specifies the unfrozen or frozen state.
  • The value can be:
    • true: indicates the unfrozen state.
    • false: indicates the frozen state.

created_at

String

  • Specifies when the DNAT rule is created (UTC time). Its value rounds to 6 decimal places for seconds. The format is yyyy-mm-dd hh:mm:ss.

internal_service_port_range

String

Specifies the port range used by the server for providing services for external systems.

  • The number of ports must be the same as that of external _service_port_range.
  • The value ranges from 1 to 65535.

external_service_port_range

String

Specifies the port range used by the floating IP address for providing services for external systems.

  • The number of ports must be same as that of internal _service_port_range.
  • The value ranges from 1 to 65535.

Examples

  • Example requests
    1. Creating a DNAT rule with specified internal_service_port and external_service_port
      POST https://{Endpoint}/v2/d199ba7e0ba64899b2e81518104b1526/dnat_rules
      { 
           "dnat_rule": { 
               "floating_ip_id": "bf99c679-9f41-4dac-8513-9c9228e713e1", 
               "nat_gateway_id": "cda3a125-2406-456c-a11f-598e10578541", 
               "port_id": "9a469561-daac-4c94-88f5-39366e5ea193", 
               "internal_service_port": 993, 
               "protocol": "tcp", 
               "external_service_port": 242, 
               "description": "my dnat rule 01"
           } 
       }
    1. Creating a DNAT rule with both internal_service_port and external_service_port set to 0
      POST https://{Endpoint}/v2/d199ba7e0ba64899b2e81518104b1526/dnat_rules
      { 
           "dnat_rule": { 
               "floating_ip_id": "Cf99c679-9f41-4dac-8513-9c9228e713e1", 
               "nat_gateway_id": "Dda3a125-2406-456c-a11f-598e10578541", 
               "private_ip": "192.168.1.100", 
               "internal_service_port": 0, 
               "protocol": "any", 
               "external_service_port": 0, 
               "description": "my dnat rule 01" 
           } 
       }
    2. Creating a DNAT rule with specified external_service_port_range and internal_service_port_range
      POST https://{Endpoint}/v2/d199ba7e0ba64899b2e81518104b1526/dnat_rules
      { 
           "dnat_rule": { 
               "floating_ip_id": "Cf99c679-9f41-4dac-8513-9c9228e713e1", 
               "nat_gateway_id": "Dda3a125-2406-456c-a11f-598e10578541", 
               "private_ip": "192.168.1.100", 
               "internal_service_port": 0, 
               "protocol": "tcp", 
               "external_service_port": 0, 
               "description": "my dnat rule 01" ,
               "external_service_port_range":"100-200",
               "internal_service_port_range":"100-200"
           } 
       }
  • Example responses
    1. Response to the request for creating a DNAT rule with specified internal_service_port and external_service_port
      {          
           "dnat_rule": { 
               "floating_ip_id": "bf99c679-9f41-4dac-8513-9c9228e713e1", 
               "status": "ACTIVE", 
               "nat_gateway_id": "cda3a125-2406-456c-a11f-598e10578541", 
               "admin_state_up": true, 
               "port_id": "9a469561-daac-4c94-88f5-39366e5ea193", 
               "internal_service_port": 993, 
               "protocol": "tcp", 
               "tenant_id": "abc", 
               "created_at": "2017-11-15 15:44:42.595173", 
               "id": "79195d50-0271-41f1-bded-4c089b2502ff", 
               "external_service_port": 242, 
               "floating_ip_address": "5.21.11.226",
               "description": "my dnat rule 01" 
           } 
       }
    2. Response to the request for creating a DNAT rule with both internal_service_port and external_service_port set to 0
      { 
           "dnat_rule": { 
               "floating_ip_id": "cf99c679-9f41-4dac-8513-9c9228e713e1", 
               "status": "ACTIVE", 
               "nat_gateway_id": "dda3a125-2406-456c-a11f-598e10578541", 
               "admin_state_up": true, 
               "private_ip": "192.168.1.100", 
               "internal_service_port": 0, 
               "protocol": "any", 
               "tenant_id": "abc", 
               "created_at": "2017-11-15 15:44:42.595173", 
               "id": "79195d50-0271-41f1-bded-4c089b2502ff", 
               "external_service_port": 0, 
               "floating_ip_address": "5.21.11.227",
               "description": "my dnat rule 01" 
           } 
       }
    3. Response to the request for creating a DNAT rule with specified external_service_port_range and internal_service_port_range
      { 
           "dnat_rule": { 
               "floating_ip_id": "cf99c679-9f41-4dac-8513-9c9228e713e1", 
               "status": "ACTIVE", 
               "nat_gateway_id": "dda3a125-2406-456c-a11f-598e10578541", 
               "admin_state_up": true, 
               "private_ip": "192.168.1.100", 
               "internal_service_port": 0, 
               "protocol": "tcp", 
               "tenant_id": "abc", 
               "created_at": "2017-11-15 15:44:42.595173", 
               "id": "79195d50-0271-41f1-bded-4c089b2502ff", 
               "external_service_port": 0, 
               "floating_ip_address": "5.21.11.227",
               "description": "my dnat rule 01",
               "internal_service_port_range":"100-200",
               "external_service_port_range":"100-200"
           } 
       }

Status Codes

See Status Codes.

Parent topic: DNAT Rules
Предыдущая статья
DNAT Rules
Следующая статья
Creating DNAT Rules in Batches
Была ли эта статья полезна?
Поддержка Юридические документы
© 2025 Cloud.ru