NAT 网关

{"list":[{"id":70768,"title":"动态与公告","type":"directory","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_70768_cn.pdf","children":[{"id":71560,"title":"产品动态","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/71560"},{"id":83165,"title":"【2022年11月24日】NAT 网关类型更名公告","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/83165"},{"id":72152,"title":"【2022年4月20日】NAT 网关绑定 EIP 时，EIP 带宽上限不再自动调整","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/72152"},{"id":70769,"title":"【2022年3月7日】NAT 代金券活动公告","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/70769"}],"link":"/document/product/552/70768"},{"id":12950,"title":"产品简介","type":"directory","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_12950_cn.pdf","children":[{"id":12951,"title":"产品概述","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/12951"},{"id":12952,"title":"产品功能","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/12952"},{"id":12953,"title":"应用场景","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/12953"},{"id":12954,"title":"产品规格","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/12954"},{"id":12956,"title":"相关产品","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/12956"}],"link":"/document/product/552/12950"},{"id":18169,"title":"购买指南","type":"directory","docType":"price","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_18169_cn.pdf","children":[{"id":18172,"title":"公网 NAT 网关计费概述","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18172"},{"id":95600,"title":"私网 NAT 网关计费概述","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/95600"},{"id":18173,"title":"购买方式","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18173"},{"id":18174,"title":"欠费说明","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18174"}],"link":"/document/product/552/18169"},{"id":18186,"title":"快速入门","type":"page","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_18186_cn.pdf","link":"/document/product/552/18186"},{"id":18175,"title":"公网 NAT 网关操作指南","type":"directory","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_18175_cn.pdf","children":[{"id":83056,"title":"创建与管理 NAT 网关","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/83056"},{"id":18180,"title":"管理 NAT 网关的弹性公网 IP","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18180"},{"id":19697,"title":"配置指向 NAT 网关的路由","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/19697"},{"id":52323,"title":"管理 SNAT 规则","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/52323"},{"id":53621,"title":"管理端口转发规则","type":"directory","docType":"default","pdfUrl":"","children":[{"id":18176,"title":"新建端口转发规则","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18176"},{"id":18178,"title":"查询端口转发规则","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18178"}],"link":"/document/product/552/53621"},{"id":12955,"title":"公网 NAT 使用限制","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/12955"},{"id":53623,"title":"网关流控","type":"directory","docType":"default","pdfUrl":"","children":[{"id":18184,"title":"开启网关流控明细","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18184"},{"id":18242,"title":"设置网关流控明细","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18242"},{"id":18239,"title":"查看网关流控明细","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18239"}],"link":"/document/product/552/53623"},{"id":69249,"title":"NAT 网关流日志","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/69249"},{"id":18185,"title":"绑定高防包","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18185"},{"id":53622,"title":"告警与监控","type":"directory","docType":"default","pdfUrl":"","children":[{"id":18182,"title":"设置告警","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18182"},{"id":18181,"title":"查看监控信息","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18181"}],"link":"/document/product/552/53622"},{"id":97541,"title":"访问管理","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/97541"},{"id":101051,"title":"智能调度服务","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/101051"},{"id":100669,"title":"配置安全组规则","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/100669"}],"link":"/document/product/552/18175"},{"id":95601,"title":"私网 NAT 网关操作指南","type":"directory","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_95601_cn.pdf","children":[{"id":95602,"title":"创建与管理 NAT 网关","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/95602"},{"id":95603,"title":"配置指向私网 NAT 网关的路由","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/95603"},{"id":95604,"title":"管理 SNAT 规则","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/95604"},{"id":95605,"title":"管理 DNAT 规则","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/95605"},{"id":97542,"title":"访问管理","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/97542"}],"link":"/document/product/552/95601"},{"id":83170,"title":"最佳实践","type":"directory","docType":"practice","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_83170_cn.pdf","children":[{"id":100670,"title":"通过标准型 NAT 实现跨 VPC 访问公网","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/100670"},{"id":100671,"title":"通过私网 NAT 实现 VPC 内指定子网和外部资源互访","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/100671"},{"id":83194,"title":"通过公网 CLB + NAT 方式实现安全的公网互访","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/83194"},{"id":30012,"title":"调整 NAT 网关和 EIP 的优先级","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/30012"},{"id":101052,"title":"通过 VPC 高级特性实现境外访问优化","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/101052"}],"link":"/document/product/552/83170"},{"id":18240,"title":"API 文档","type":"page","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_18240_cn.pdf","link":"/document/product/552/18240"},{"id":18623,"title":"常见问题","type":"directory","docType":"faq","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_18623_cn.pdf","children":[{"id":18626,"title":"概念类","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18626"},{"id":18671,"title":"计费类","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18671"},{"id":18627,"title":"功能类","type":"page","docType":"default","pdfUrl":"","link":"/document/product/552/18627"}],"link":"/document/product/552/18623"},{"id":88993,"title":"服务等级协议","type":"page","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_88993_cn.pdf","link":"/document/product/552/88993"},{"id":59700,"title":"联系我们","type":"page","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_59700_cn.pdf","link":"/document/product/552/59700"},{"id":18510,"title":"词汇表","type":"page","docType":"glossary","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/552_18510_cn.pdf","link":"/document/product/552/18510"}],"categoryId":552,"title":"NAT 网关","lang":"zh"}

文档中心 NAT 网关公网 NAT 网关操作指南配置安全组规则

配置安全组规则

最近更新时间：2024-04-12 15:31:11

我的收藏

本页目录：

使用场景
操作步骤
- 编辑安全组规则

使用场景
用户的 CVM 通过 NAT 网关出公网时，可以在 NAT 网关配置安全组规则，包括进出 NAT 网关的流量，进行访问控制。
﻿
﻿
﻿
注意：
目前仅标准型 NAT 实例支持安全组，传统型 NAT 实例不支持。
操作步骤
1. 登录 公网 NAT 网关控制台，新建标准型 NAT 网关实例。详情可参见 标准型 NAT 网关。
2. 创建完成后，单击刚创建的 NAT 网关实例 ID，进入详情页。
3. 选择安全组页签，单击配置。
说明：
一个 NAT 实例可以绑定多个安全组，安全组之间的顺序决定了安全组的优先级。
﻿
编辑安全组规则
安全组分入站规则和出站规则，这里的入站和出站都是相对于 NAT 网关而言，入站就是进入 NAT 网关的数据包，出站就是从 NAT 网关转发出去的数据包。
结合 NAT 网关的 SNAT 和 DNAT 场景，下面分别说明：
安全组规则注意事项
入站规则本质是针对进入 NAT 网关的流量做限制，出站规则本质是针对 NAT 网关发出的流量做限制，回包不受安全组规则的限制。配置的入站规则和出站规则会同时影响 SNAT 场景和 DNAT 场景。所以配置入站规则和出站规则时，需要综合考虑 SNAT/DNAT 场景。
由于 NAT 网关自身会使用 ICMP 流量来探测网络联通性，出站规则需要放通目标为0.0.0.0，协议端口为 ICMP 的包，否则会导致网络探测失败。
NAT 网关绑定的 EIP 全程不参与安全组的规则计算。
SNAT 场景的安全组
SNAT 场景时，安全组仅针对出公网数据包生效，回包会命中会话，不参与安全组规则计算。
﻿
﻿
﻿
入站规则
入站规则：源 IP +协议端口。
可以配置允许哪些内网 IP 出公网，哪些内网 IP 不能出公网。比如仅允许10.1.1.0/24的内网 IP 访问公网：
﻿
出站规则
出站规则：目的 IP + 协议端口。
可以配置允许访问哪些公网 IP 或不允许访问哪些公网 IP。例如允许访问任意公网 IP：
﻿
﻿
﻿
DNAT 场景的安全组
DNAT 场景时，安全组仅针对公网进入云上数据包生效，回包因为命中会话，不参与安全组规则计算。
﻿
﻿
﻿
入站规则
入站规则：源 IP + 协议端口。
可以配置允许或者不允许哪些公网 IP 访问 NAT。例如仅允许220.153.1.6通过 NAT 访问云上资源：
﻿
出站规则
出站规则：目的 IP + 协议端口。
可以配置允许或者不允许访问哪些内网 IP。比如允许访问任意内网 IP：
﻿
﻿

上一篇: 智能调度服务下一篇: 创建与管理 NAT 网关