Tutorial: Create a NAT gateway using the Azure portal

This tutorial shows you how to use the Azure Virtual Network NAT service. You'll create a NAT gateway to provide outbound connectivity for a virtual machine in Azure.

In this tutorial, you learn how to:

  • Create a virtual network.
  • Create a virtual machine.
  • Create a NAT gateway and associate it with the virtual network.
  • Connect to the virtual machine and verify the NAT IP address.

Prerequisites

Virtual network

Before you deploy a VM and use your NAT gateway, you need to create the resource group and virtual network.

  1. Sign in to the Azure portal.

  2. On the upper-left side of the screen, select Create a resource > Networking > Virtual network, or search for Virtual network in the search box.

  3. Select Create.

  4. In Create virtual network, enter or select this information in the Basics tab:

    Setting             Value
    Project Details
    Subscription        Select your Azure subscription.
    Resource Group      Select Create new.
                        Enter myResourceGroupNAT.
                        Select OK.
    Instance details
    Name                Enter myVNet.
    Region              Select China North.

  5. Select the IP Addresses tab or select the Next: IP Addresses button at the bottom of the page.

  6. In the IP Addresses tab, enter this information:

    Setting               Value
    IPv4 address space    Enter 10.1.0.0/16.

  7. Select + Add subnet.

  8. In Edit subnet, enter this information:

    Setting                 Value
    Subnet name             Enter mySubnet.
    Subnet address range    Enter 10.1.0.0/24.

  9. Select Add.

  10. Select the Security tab.

  11. Under BastionHost, select Enable. Enter this information:

    Setting                             Value
    Bastion name                        Enter myBastionHost.
    AzureBastionSubnet address space    Enter 10.1.1.0/24.
    Public IP Address                   Select Create new.
                                        For Name, enter myBastionIP.
                                        Select OK.

  12. Select the Review + create tab or select the Review + create button.

  13. Select Create.

NAT gateway

You can use one or more public IP address resources, public IP prefixes, or both. We'll add a public IP resource and a NAT gateway resource.

  1. On the upper-left side of the screen, select Create a resource > Networking > NAT gateway, or search for NAT gateway in the search box.

  2. Select Create.

  3. In Create network address translation (NAT) gateway, enter or select this information in the Basics tab:

    Setting                   Value
    Project Details
    Subscription              Select your Azure subscription.
    Resource Group            Select myResourceGroupNAT.
    Instance details
    Name                      Enter myNATgateway.
    Region                    Select China North.
    Idle timeout (minutes)    Enter 10.

  4. Select the Outbound IP tab, or select the Next: Outbound IP button at the bottom of the page.

  5. In the Outbound IP tab, enter or select the following information:

    Setting                Value
    Public IP addresses    Select Create a new public IP address.
                           In Name, enter myPublicIP.
                           Select OK.

  6. Select the Subnet tab, or select the Next: Subnet button at the bottom of the page.

  7. In the Subnet tab, select myVNet in the Virtual network pull-down.

  8. Check the box next to mySubnet.

  9. Select the Review + create tab, or select the blue Review + create button at the bottom of the page.

  10. Select Create.

Virtual machine

In this section, you'll create a virtual machine to test the NAT gateway and verify the public IP address of the outbound connection.

  1. On the upper-left side of the portal, select Create a resource > Compute > Virtual machine.

  2. On the Create a virtual machine page, in the Basics tab, enter or select the following information:

    Setting                  Value
    Project details
    Subscription             Select your subscription.
    Resource group           Select myResourceGroupNAT.
    Instance details
    Virtual machine name     Enter myVM.
    Region                   Select China North.
    Availability options     Leave the default of no redundancy required.
    Image                    Select Windows Server 2019 Datacenter - Gen1.
    Size                     Select Standard_DS1_v2.
    Administrator account
    Username                 Enter a username for the virtual machine.
    Password                 Enter a password.
    Confirm password         Confirm password.
    Inbound port rules
    Public inbound ports     Select None.

  3. Select the Disks tab, or select the Next: Disks button at the bottom of the page.

  4. Leave the default in the Disks tab.

  5. Select the Networking tab, or select the Next: Networking button at the bottom of the page.

  6. In the Networking tab, enter or select the following information:

    Setting                       Value
    Network interface
    Virtual network               Select myVNet.
    Subnet                        Select mySubnet.
    Public IP                     Select None.
    NIC network security group    Select Basic.
    Public inbound ports          Select None.

  7. Select the Review + create tab, or select the blue Review + create button at the bottom of the page.

  8. Select Create.

Test NAT gateway

In this section, we'll test the NAT gateway. We'll first discover the public IP of the NAT gateway. We'll then connect to the test virtual machine and verify the outbound connection through the NAT gateway.

  1. Find the public IP address for the NAT gateway on the Overview screen. Select All services in the left-hand menu, select All resources, and then select myPublicIP.

  2. Make note of the public IP address:

    Screenshot: Discover the public IP address of the NAT gateway

  3. Select All services in the left-hand menu, select All resources, and then from the resources list, select myVM that is located in the myResourceGroupNAT resource group.

  4. On the Overview page, select Connect, then Bastion.

  5. Select the blue Use Bastion button.

  6. Enter the username and password entered during VM creation.

  7. Open Internet Explorer on myTestVM.

  8. Enter https://whatsmyip.com in the address bar.

  9. Verify that the IP address displayed matches the NAT gateway address you noted earlier:

    Screenshot: Internet Explorer showing the external outbound IP
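
The browser check in steps 7 to 9 can also be scripted from a PowerShell prompt on the VM. The following is an added example, not part of the original tutorial; it generalizes the comparison to a NAT gateway that has several public IPs or public IP prefixes. The function names, the sample addresses and the echo-service URL are assumptions made for illustration.

```powershell
# Added example, not from the tutorial. Run inside the VM over the Bastion session.
function Test-AddressInPrefix {
    param([string]$Address, [string]$Prefix)
    # $Prefix is a single address ("203.0.113.10") or CIDR ("203.0.113.16/30").
    $net, $len = $Prefix -split '/'
    $ip   = [System.Net.IPAddress]::Parse($Address)
    $base = [System.Net.IPAddress]::Parse($net)
    if ($ip.AddressFamily -ne $base.AddressFamily) { return $false }
    $a = $ip.GetAddressBytes()
    $b = $base.GetAddressBytes()
    $bits = if ($len) { [int]$len } else { $a.Length * 8 }
    # Compare only the leading $bits bits, one byte at a time.
    for ($i = 0; $i -lt $a.Length -and $bits -gt 0; $i++) {
        $take = [Math]::Min(8, $bits)
        $mask = (0xFF -shl (8 - $take)) -band 0xFF
        if (($a[$i] -band $mask) -ne ($b[$i] -band $mask)) { return $false }
        $bits -= $take
    }
    return $true
}

function Get-EgressAddress {
    param([string]$EchoUrl, [int]$Samples = 5)
    # -DisableKeepAlive opens a new connection per sample, so each request
    # goes through source NAT again instead of reusing one flow.
    1..$Samples | ForEach-Object {
        ([string](Invoke-RestMethod -Uri $EchoUrl -DisableKeepAlive -TimeoutSec 10)).Trim()
    }
}

function Get-UnexpectedEgress {
    param([string[]]$Observed, [string[]]$Allowed)
    # Return each distinct observed address that no allowed IP or prefix covers.
    $Observed | Sort-Object -Unique | Where-Object {
        $addr = $_
        @($Allowed | Where-Object { Test-AddressInPrefix $addr $_ }).Count -eq 0
    }
}

# Constructed sample values (documentation address ranges) so the check runs offline.
$allowed    = @('203.0.113.10', '203.0.113.16/30')   # NAT gateway IP and prefix
$observed   = @('203.0.113.10', '203.0.113.18', '198.51.100.7')
$unexpected = @(Get-UnexpectedEgress -Observed $observed -Allowed $allowed)
"Unexpected egress addresses: $($unexpected -join ', ')"

# Live check on the VM; the URL is a placeholder for a plain-text IP echo service:
# $observed = Get-EgressAddress -EchoUrl 'https://<ip-echo-service>'
```

An empty result means every sampled connection left through an address that belongs to the NAT gateway.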

Clean up resources

If you're not going to continue to use this application, delete the virtual network, virtual machine, and NAT gateway with the following steps:

  1. From the left-hand menu, select Resource groups.

  2. Select the myResourceGroupNAT resource group.

  3. Select Delete resource group.

  4. Enter myResourceGroupNAT and select Delete.

Next steps

For more information on Azure Virtual Network NAT, see: