Skip to main content

NAT Rules

NAT rules control how traffic is translated between public IP addresses and internal VPC resources. The VPC supports both inbound (DNAT) and outbound (SNAT) rules.

Navigate to NAT Rules within your VPC to manage NAT configuration. The page has two tabs: Inbound NAT Rules (DNAT) and Outbound NAT Rules (SNAT).

Inbound NAT Rules (DNAT)

Inbound NAT rules map traffic from a public IP and port to an internal VM and port within the VPC. IPv4 and IPv6 rules are managed on the same page.

Adding an Inbound Rule

  1. Click + Add under Inbound NAT Rules.
  2. Select the Public IP — choose from your floating IPs or the gateway address.
  3. Select the Protocol — All, ICMP, TCP, or UDP.
  4. Enter the Public port start and Public port end (the port range on the public IP).
  5. Select the Target private IP — the internal VM to receive the traffic.
  6. Enter the Private port start and Private port end.
  7. Optionally enter a Description.
  8. Click Submit to add the rule.

Outbound NAT Rules (SNAT)

Outbound NAT rules control how traffic from VMs inside the VPC is translated when leaving the VPC to the public internet.

If you enabled the default outbound NAT rule during VPC deployment, you will see a default SNAT rule that translates all outbound traffic from the VPC subnet to the gateway's public IP. This is what gives VMs inside the VPC internet connectivity.

Adding an Outbound Rule

  1. Click + Add under Outbound NAT Rules.
  2. Enter the Source IP CIDR — the internal subnet or specific IP to match.
  3. Select the Protocol — All, ICMP, TCP, or UDP.
  4. Optionally enter Public IP start and Public IP end (to NAT to a specific public IP range).
  5. Optionally enter Public port start and Public port end.
  6. Enter a Description.
  7. Click Add to save the rule.

Rule Ordering

NAT rules are evaluated in order from top to bottom. When you have multiple rules, you can reorder them by dragging rules using the drag handle on the far left of each row. Rules higher in the list take priority.

Managing Existing Rules

Click the three-dot action menu on any rule to:

  • Edit the rule
  • Delete the rule
  • Add a new rule below the current rule

Syncing Rules

After adding, editing, deleting, or reordering NAT rules, click Sync Rules to push the changes to the gateway. You will be prompted to confirm before the sync is applied.

Note: NAT rules are not active until you sync them. Always click Sync Rules after making changes.

Next Steps

  • Firewall — control which traffic reaches the VPC
  • Load Balancing — distribute traffic across backend VMs
  • Gateway — manage floating IPs for use in NAT rules

Need Help?

Contact support@netactuate.com or open a support ticket from the portal.