检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
If you migrate over the Internet, you need to pay for NAT gateways used by migration clusters. For details, see NAT Gateway Billing or NAT Gateway Price Calculator. If you choose to enable log collection, you need to pay Log Tank Service (LTS) for resources you consume.
If the ID is specified, the corresponding NAT gateway is used. If not, create one. nat_name No String NAT gateway name, which defaults to nat-workspace. eip_name No String EIP name, which defaults to eip-workspace.
If you have a NAT gateway, it receives and responds to incoming traffic. The NAT gateway has an EIP bound, through which backend servers can access the Internet and provide services accessible from the Internet.
Migration over the Internet incurs costs for the NAT gateways used by your migration clusters. For details, see NAT Gateway Billing or NAT Gateway Price Calculator. Migration over the Internet incurs costs for the EIPs used by your migration clusters.
(Recommended) Using NAT Gateway Prerequisites for this solution: You have purchased an EIP and a public NAT gateway. The public NAT gateway and the ECSs that need to access the Internet are in the same VPC.
NAT gateway protection comes in the following scenarios: The EIP bound to a NAT gateway can be protected. Only the traffic of the EIP will be audited.
Solution Solution 1: Use the NAT Gateway service to enable container instances (pods) in a VPC to access public networks.
Create a public NAT gateway. Log in to the NAT Gateway console, choose NAT Gateway > Public NAT Gateways in the navigation pane on the left, and click Buy Public NAT Gateway.
You need to create a public NAT gateway in Subnet-NAT and configure an SNAT rule for Subnet-A01. The system automatically adds a route pointing to the NAT gateway to the route table of VPC-A.
(Optional) Deleting a NAT gateway: Click Delete >>. In the NAT gateway list, locate the NAT gateway to delete, and click Delete in the Operation column. If you want to perform this operation, enter DELETE or click Auto Enter. Click OK.
Log in to the NAT console. On the displayed page, click the name of the NAT gateway for which you want to add the SNAT rule. On the SNAT Rules tab, click Add SNAT Rule. Configure the parameters as prompted.
SNAT Protection Overview Context The CFW standard edition protects traffic between EIPs, for example, traffic generated when the Network Address Translation (NAT) gateway is used for multiple VPCs or subnets to use EIPs to initiate external access.
To obtain a corresponding IPv6 EIP, enable the IPv6 EIP function. 1 NAT gateway NAT-Test This public NAT gateway will have an EIP bound. 1 VPN gateway VPN-GW-Test This VPN gateway is an egress gateway in a VPC and allows reliable and encrypted communications between a VPC and an on-premises
Checking whether the network configuration is correct Check whether the network configuration is correct by referring to Public NAT Gateway Troubleshooting. If the network configuration is correct, go to 6.
None Introduction Introduction 03:05 Cloud Firewall Service Introduction Features Traffic Protection at the Internet Border 03:15 Traffic Protection at the Internet Border VPC Border Traffic Protection 10:09 VPC Border Traffic Protection NAT Gateway Traffic Protection 04:18 NAT Gateway
NAT Gateway: Public NAT gateways translate private IP addresses into EIPs, and are used by cloud servers in a VPC for secure, cost-effective Internet access.
Procedure for creating a public NAT gateway: In the left navigation pane of the management console, choose Network > NAT Gateway to go to the NAT Gateway console. Then click Buy Public NAT Gateway.
For both public and private NAT gateways, DNAT rules can be modified. Parent topic: DNAT Rules
Instead, you are advised to configure a public network NAT gateway to use SNAT for flexible management.
Figure 1 VPC and related services Table 1 Related services Service Interaction Function Elastic Cloud Server (ECS) Using Security Groups to Protect ECS Network Security Elastic IP (EIP) Using an EIP to Connect a VPC to the Internet NAT Gateway Using a Public NAT Gateway to Connect
