Achieving SNAT with Azure Firewall

Below is how SNAT is achieved. SNAT and DNAT are not configured the same way: DNAT can be configured directly on the FW, whereas SNAT is achieved with a UDR. If you want all outbound traffic to pass through the FW, configure a default route in the UDR that points to the FW; traffic bound for the internet then has no choice but to go through the FW.



First, look at the FW doing DNAT and rewriting the IP: from a home computer, curl the FW's public IP.

[screenshot: 2.png]


In the Nginx log you can see that the source IP is the FW's IP. That is, when doing DNAT the FW also rewrites the source IP of the request.

[screenshot: 3.png]


If instead you curl the server's public IP directly:

[screenshot: 4.png]


In the log you will see that the source IP is the client's public IP.

[screenshot: 5.png]


Now curl the web server's public IP from the VMs in each region; the topology consists of the VNETs, VNET peering and the FW.

When you curl the web server's public IP directly, the source IP seen is the VM's own public IP. This shows the traffic went straight out to the internet without passing through the FW, so there is no SNAT.


Below is how to configure SNAT. First, create a UDR in each region.

[screenshot: 6.png]


Add a default route whose next hop is the FW.

[screenshot: 8.png]


Associate the route table with the respective subnet.

[screenshot: 9.png]

If you now try to curl the web server from the VM again, you will find that the FW rejects the traffic, because no rule allows the outbound connection.

[screenshot: 10.png]



This is solved by opening a network rule on the FW.

[screenshot: 11.png]

 

The 10.88 segment can now curl www.baidu.com.

Segments other than 10.88 still cannot.

[screenshot: 13.png]





Add another network rule for the other segment.

[screenshot: 14.png]



Try adding a separate rule for the segment where linux2 sits.

[screenshot: 14.png]


Try again and the connection succeeds: outbound traffic now leaves through the FW with its source address translated, and that is all the setup takes.

[screenshot: 15.png]
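The portal steps above as an Az PowerShell script, added here as an example and not taken from the original post. The resource group, location, VNet, subnet, firewall name, the firewall's private IP, the second VM segment and the NIC name are assumed placeholders; only the 10.88 segment comes from the post.

```powershell
# Added example (not from the original post): UDR-based SNAT through Azure Firewall with the Az module.
$rg          = 'rg-fw-demo'                       # assumed
$location    = 'eastasia'                         # assumed
$vnetName    = 'vnet-web'                         # assumed
$subnetName  = 'snet-web'                         # assumed
$subnetCidr  = '10.88.1.0/24'                     # assumed, inside the 10.88 segment from the post
$fwName      = 'fw-hub'                           # assumed
$fwPrivateIp = '10.0.1.4'                         # assumed: private IP of the firewall in AzureFirewallSubnet
$vmSegments  = @('10.88.0.0/16', '10.99.0.0/16')  # 10.88 segment from the post + assumed segment of linux2

# 1) Route table (the UDR) with a default route whose next hop is the firewall.
#    BGP propagation is disabled so a learned default route cannot bypass the firewall.
$rt = New-AzRouteTable -Name 'rt-to-fw' -ResourceGroupName $rg -Location $location -DisableBgpRoutePropagation
$rt = Add-AzRouteConfig -RouteTable $rt -Name 'default-via-fw' -AddressPrefix '0.0.0.0/0' `
        -NextHopType VirtualAppliance -NextHopIpAddress $fwPrivateIp | Set-AzRouteTable

# 2) Associate the route table with the VM subnet (repeat for each region's subnet).
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
        -AddressPrefix $subnetCidr -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# 3) The firewall denies the now-forced outbound traffic until a network rule allows it.
#    Allow only the VM segments on web ports rather than a blanket '*' source.
$rules = foreach ($seg in $vmSegments) {
    New-AzFirewallNetworkRule -Name ('allow-web-' + ($seg -replace '[./]', '-')) -Protocol TCP `
        -SourceAddress $seg -DestinationAddress '*' -DestinationPort 80, 443
}
$collection = New-AzFirewallNetworkRuleCollection -Name 'allow-outbound-web' -Priority 100 `
        -Rule $rules -ActionType Allow

$fw = Get-AzFirewall -Name $fwName -ResourceGroupName $rg
$fw.AddNetworkRuleCollection($collection)
Set-AzFirewall -AzureFirewall $fw | Out-Null

# 4) Check that the VM's NIC now has an effective default route with the firewall as next hop.
Get-AzEffectiveRouteTable -NetworkInterfaceName 'nic-linux2' -ResourceGroupName $rg |   # NIC name assumed
    Where-Object { $_.AddressPrefix -contains '0.0.0.0/0' } |
    Select-Object Source, State, AddressPrefix, NextHopType, NextHopIpAddress
```

After this, a curl from a VM in either segment should show the firewall's public IP as the source in the web server's log, matching the behaviour the post observes.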





Source: blog.51cto.com/mxyit/2462253