Background
When you have a large number of ECSs that need to access the Internet, you can use the SNAT function of the NAT gateway to unify the public network egress and prevent the cloud servers' IP addresses from being directly exposed to the Internet.
Preparation
Environment Preparation
· A VPC has been created. For details, see Virtual Private Cloud (VPC) - Creating VPC and Subnet and Building Private Network.
· An ECS without an elastic IP has been created under this VPC. For details, see Elastic Cloud Server - Creating an Elastic Cloud Server.
Procedure
Step 1: Purchase an Elastic IP
Step 2: Purchase a NAT gateway
Step 3: Configure routes (only required for some resource pools)
Step 4: Configure SNAT rules
Step 5: Test the connectivity
Step 1: Purchase an Elastic IP
Description
The elastic IP address is mainly used to bind to the SNAT rules of the NAT gateway so that servers can access the Internet.
Procedure
1. Log in to the eSurfing Cloud console and select Network > Elastic IP.
2. Enter the Elastic IP console and click Apply for Elastic IP in the upper right corner.
3. Select the bandwidth specification as required and click Next.
4. Confirm the specifications, select "I have read and agree to the agreement", and click Confirm Order to complete the creation of elastic IP.
Step 2: Purchase a NAT gateway
Description
When purchasing a public NAT gateway, you must specify the VPC and subnet where the public NAT gateway resides. Specify the VPC and subnet where the ECS is located here.
Procedure
1. Log in to the eSurfing Cloud console and select Network > NAT Gateway.
2. Enter the NAT Gateway console and click Create NAT Gateway in the upper right corner.
3. Select the payment method, fill in the name, select the availability zone, select the VPC created in Environment Preparation, select the specifications, and click Next.
4. Confirm the specifications, select "I have read and agree to the agreement", and click Confirm Order to complete the creation of NAT Gateway.
Step 3: Configure routes (only required for some resource pools)
Description
In some resource pools, routes are loaded into the VPC automatically after you purchase a NAT gateway, and this step is not required.
In other resource pools, you need to add a route to the NAT gateway in the default routing table.
For details about the mapping between resource pools and operations, see Differences in Resource Pools for VPC Related Products.
Procedure
1. Add a default route pointing to the NAT gateway. Click VPC to enter the VPC console, select the VPC created in Environment Preparation, click the name to open the VPC details page, and click the subnet name on the Subnet tab to enter the subnet details page.
2. Click the Route Management tab on the subnet details page, and click the bound Default Routing Table to enter the routing rules page.
3. Click Create on the routing rules page, and on the pop-up page, select:
· IP type: IPv4
· Destination address: 0.0.0.0/0
· Next hop type: NAT gateway
· NAT gateway: Select the newly created NAT gateway
4. Click OK to finish adding the default route pointing to the NAT gateway.
Note
When a cloud server is bound to a public IP address and an SNAT rule in the same subnet at the same time, the route to the NAT gateway has a higher priority than the system route to the IPv4 gateway, so by default the EIP bound to the cloud server cannot access the Internet. Therefore, it is not recommended to bind both a public IP and a NAT gateway for cloud servers in the same subnet.
For details, see Elastic IP - How Do I Use an EIP or NAT Gateway to Access the Internet.
Step 4: Configure SNAT rules
Description
After the public NAT gateway is created successfully, you need to create SNAT rules. By creating SNAT rules, you can connect the cloud servers under the subnet to the Internet by sharing the EIP.
Procedure
1. Click the NAT gateway created in the previous step to enter the NAT gateway details page, scroll down to the SNAT tab and click Add SNAT Rule.
2. Select the configuration on the pop-up page:
· Source CIDR block type: Select Subnet in the VPC
· Subnet: Select the subnet where the cloud server is located
· Elastic IP: Select the elastic IP created in Step 1
3. Click OK to complete adding the SNAT rule.
4. Wait until the SNAT rule status changes to Running, which completes the SNAT rule configuration.
Step 5: Test the connectivity
Description
We test the network connectivity by verifying whether an ECS that is not bound to an EIP can access the Internet through the NAT gateway.
Procedure
1. Log in to the eSurfing Cloud console and select Computing > Elastic Cloud Server.
2. Enter the ECS console, select the ECS without EIP created in the preparations, and click Remote Login on the right to log in to the ECS.
3. After login, test whether the cloud server can access the Internet through the NAT gateway by pinging an external (Internet) address.
A successful ping indicates that the ECS can connect to the Internet.
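The Step 5 check as a script to run on the ECS, extended to confirm that outbound traffic leaves through the elastic IP bound to the SNAT rule. This is an added example, not part of the original documentation. The function names are hypothetical, and the IP echo URL is an assumption: supply any endpoint you trust that returns the caller's address as plain text.

```shell
#!/bin/sh
# Added example: verify SNAT egress from an ECS that has no EIP bound.
# Function names are hypothetical. Assumes Linux ping and curl.

# Read ping output on stdin and print the packet-loss percentage
# from the summary line (e.g. "0", "25", "100").
ping_loss() {
    sed -n 's/.* \([0-9][0-9.]*\)% packet loss.*/\1/p' | head -n 1
}

# Succeed only if the address reported by the echo service ($2)
# equals the elastic IP bound to the SNAT rule ($1).
egress_matches() {
    observed=$(printf '%s' "$2" | tr -d ' \r\n')
    [ -n "$observed" ] && [ "$observed" = "$1" ]
}

# $1 = elastic IP from Step 1, $2 = ping target, $3 = IP echo URL (assumption)
verify_snat_egress() {
    loss=$(ping -c 4 "$2" 2>/dev/null | ping_loss)
    if [ -z "$loss" ] || [ "${loss%.*}" -ge 100 ]; then
        echo "FAIL: no ICMP replies from $2 (check route and SNAT rule status)"
        return 1
    fi
    seen=$(curl -fsS --max-time 5 "$3") || {
        echo "FAIL: echo service unreachable"
        return 1
    }
    if ! egress_matches "$1" "$seen"; then
        # Traffic reached the Internet but not through the expected EIP,
        # for example because another egress path is in use.
        echo "FAIL: egress address is '$seen', expected $1"
        return 1
    fi
    echo "OK: ${loss}% packet loss, egress via $1"
}
```

Call it as `verify_snat_egress <EIP> <ping target> <echo URL>`. A non-zero return distinguishes "no connectivity" from "connectivity through an unexpected address".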