NAT is a network address translation mechanism that allows you to replace the private address of a service with a public IP when accessing the Internet.
Packets sent from services go through a traffic routing device. If the destination address is local, the packet is forwarded within the network to the local address. If the address is external, the router replaces the service’s private IP with the gateway’s public IP and sends the packet “outside”.
With NAT, you don’t have to issue unique public IPs to each service. Services within the private network that do not have their own public IP will access the Internet through the gateway IP address.
Floating IPs are used as external IPs for NAT. If a floating IP has not yet been assigned to the network, then when you enable NAT, you can select one of the existing floating IPs on your account or create a new one.
If at some point you no longer need to use NAT, the IP can be disconnected from the network and used for other services on the account or deleted.
You can enable or disable NAT manually:
When creating a new private network
In the settings of an existing network
If no floating IP address is assigned to the private network yet, it will be assigned when you enable NAT.
You can choose one of the existing floating IPs on your account or create a new one. A floating IP costs $2.5 per month.
NAT will be enabled automatically when the “Outgoing Only” routing rule is enabled to any service in the private network.
When disabling NAT:
All services in the private network with the “Outgoing Only” traffic routing rule enabled will lose access to the Internet and will be available only within the private network.
The following traffic routing rules can be enabled for services:
Cloud servers |
Incoming and outgoing Outgoing only Private network only |
Cloud Databases |
Incoming and outgoing Private network only |
Load Balancers |
Incoming and outgoing |
Incoming and outgoing
Incoming and outgoing traffic to/from the external network is allowed. The service has its own public IP for accessing the Internet.
If you disable the "Incoming and outgoing" rule, the service will lose its public IP address. When re-enabled, a new IP will be issued.
Outgoing only
Outgoing traffic to the external network is allowed, incoming traffic from the Internet is blocked. The service does not have its own public IP, it works behind NAT and can access the Internet with the gateway public IP.
When you enable the "Outgoing Only" rule for one of the services in a private network, NAT will be automatically enabled and a public IP issued for the gateway.
When NAT is disabled, all services with the "Outgoing Only" rule will lose access to the Internet and the rule will change to "Private network only".
Private network only
Only traffic within the private network is allowed, all external traffic is blocked. The service does not have its own public IP.
You can configure traffic routing rules:
In the private network settings
Click on the traffic rule icon and select a new rule.
In the service’s network settings
Cloud servers:
Go to Cloud servers and click on the server.
In the Network tab, click Configure next to Traffic routing rules (NAT).
Select a new routing rule and save changes.
Databases:
When enabled, the Incoming and outgoing traffic rule is applied. When disabled, the Private network only rule.
NAT is provided for free, however, it requires a floating IP address, which is used as the public address for the private network. The cost of a floating IP is $2.5 per month.
A floating IP is charged as long as it exists on your Hostman account, even if NAT is already disabled. To stop the charges, delete the floating IP from the Networks → Floating IP section.