
Notes and Constraints

When using a NAT gateway:

  • Multiple rules for one NAT gateway can use the same EIP, but the rules for different NAT gateways must use different EIPs.
  • Each VPC can only have one NAT gateway.
  • Manually adding the default route for a VPC is not allowed.
  • Each VPC subnet can only be used in one SNAT rule.
  • SNAT and DNAT rules cannot share the same EIP.
  • If both an EIP and a NAT gateway are configured for a server, data will be forwarded through the EIP.
  • When you add an SNAT rule, if the rule is used in the VPC scenario, the custom CIDR block must be a subset of the NAT gateway's VPC subnets. If the rule is used in the Direct Connect scenario, the custom CIDR block must be a CIDR block of a Direct Connect connection and cannot overlap with the NAT gateway's VPC subnets.
  • After you perform operations on underlying resources of an ECS, for example, changing its specifications, the configured NAT gateway rules will become invalid. Delete the rules and recreate them for the new specifications.
  • You can configure only one DNAT rule for each port of a server. One port can be mapped to only one EIP.
  • Some carriers will block the following ports for security reasons. It is recommended that you do not use the following ports.

    Protocol    Ports Not Supported
    TCP         42 135 137 138 139 444 445 593 1025 1068 1434 3127 3128 3129 3130 4444 4789 4790 5554 5800 5900 9996
    UDP         135~139 1026 1027 1028 1068 1433 1434 4789 4790 5554 9996
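
The following is an added example, not code from the service or its documentation: a pre-deployment check that tests a planned rule set for one NAT gateway against several of the constraints above (SNAT CIDR scope, one SNAT rule per subnet, no EIP shared between SNAT and DNAT, one DNAT rule per server port, carrier-blocked ports). The rule dictionaries, field names and addresses are constructed for illustration. Treating the blocked ports as applying to the public (EIP-side) port, and keying DNAT uniqueness on protocol as well as port, are assumptions.

```python
import ipaddress

# Ports the page lists as blocked by some carriers (UDP 135~139 expanded).
BLOCKED = {
    "tcp": {42, 135, 137, 138, 139, 444, 445, 593, 1025, 1068, 1434, 3127, 3128,
            3129, 3130, 4444, 4789, 4790, 5554, 5800, 5900, 9996},
    "udp": set(range(135, 140)) | {1026, 1027, 1028, 1068, 1433, 1434, 4789,
                                   4790, 5554, 9996},
}

def check_rules(vpc_subnets, snat_rules, dnat_rules):
    """Return a list of constraint violations for one NAT gateway's rules."""
    nets = [ipaddress.ip_network(s) for s in vpc_subnets]
    problems, seen_cidrs, seen_ports = [], set(), set()
    for r in snat_rules:
        cidr = ipaddress.ip_network(r["cidr"])
        if r["scenario"] == "vpc" and not any(cidr.subnet_of(n) for n in nets):
            problems.append(f"SNAT {cidr}: not a subset of the VPC subnets")
        if r["scenario"] == "dc" and any(cidr.overlaps(n) for n in nets):
            problems.append(f"SNAT {cidr}: Direct Connect CIDR overlaps a VPC subnet")
        if cidr in seen_cidrs:
            problems.append(f"SNAT {cidr}: already used in another SNAT rule")
        seen_cidrs.add(cidr)
    snat_eips = {r["eip"] for r in snat_rules}
    for r in dnat_rules:
        # Assumption: "port of a server" is keyed by protocol as well as port.
        key = (r["server"], r["protocol"], r["internal_port"])
        if r["eip"] in snat_eips:
            problems.append(f"DNAT {key}: EIP {r['eip']} is also used by SNAT")
        if key in seen_ports:
            problems.append(f"DNAT {key}: server port already has a DNAT rule")
        seen_ports.add(key)
        # Assumption: carrier blocking applies to the public (EIP-side) port.
        if r["external_port"] in BLOCKED[r["protocol"]]:
            problems.append(f"DNAT {key}: port {r['external_port']} may be blocked")
    return problems

# Constructed sample configuration (documentation and private address ranges).
VPC_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24"]
SNAT = [
    {"scenario": "vpc", "cidr": "192.168.0.0/24", "eip": "203.0.113.10"},
    {"scenario": "vpc", "cidr": "10.0.0.0/24", "eip": "203.0.113.10"},
    {"scenario": "dc", "cidr": "192.168.1.128/25", "eip": "203.0.113.10"},
]
DNAT = [
    {"server": "192.168.0.5", "protocol": "tcp", "internal_port": 22,
     "external_port": 2222, "eip": "203.0.113.20"},
    {"server": "192.168.0.5", "protocol": "tcp", "internal_port": 3389,
     "external_port": 4444, "eip": "203.0.113.10"},
]
```

Running `check_rules(VPC_SUBNETS, SNAT, DNAT)` reports the out-of-VPC SNAT CIDR, the overlapping Direct Connect CIDR, and the second DNAT rule for both its shared EIP and its blocked public port.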