Focus Mode

How to Update a NAT Gateway Port Forwarding Rule

Updated on 23 March, 2026

Learn how to update NAT Gateway port forwarding rules and enabled status.

Updating a port forwarding rule modifies its configuration to reflect changes in service ports, internal destination addresses, protocols, or enabled status. Adjust rules as your infrastructure evolves to maintain accurate traffic routing and security posture.

Follow this guide to update a NAT Gateway subscription port forwarding rule using the Vultr Customer Portal, API, CLI, or Terraform.

Vultr Customer Portal
Vultr API
Vultr CLI
Terraform

Navigate to Products, expand the Network drop-down and select VPC Networks.
Select your target VPC Network with NAT Gateway connectivity.
Scroll to the NAT Port Forwarding section.
Locate your target port forwarding rule in the list.
To enable or disable the rule, click the toggle switch next to the rule name.
Click the Edit icon (pencil icon) for the rule you want to modify.

The Edit Port Forwarding Rule panel opens with the current configuration:
- Rule Name: Modify the rule name if needed.
- Protocol: Change the protocol (TCP, UDP, or Both).
- External Port: Update the port number on the NAT Gateway's public IP.
- Internal IP: Change the private IP address of the target instance.
- Internal Port: Modify the port number on the target instance.
- Note (optional): Update the description or note.
Click Save Changes.

Send a GET request to the List VPCs endpoint to retrieve available VPCs.
console
```
$ curl "https://api.vultr.com/v2/vpcs" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"
```
The output displays all VPCs in your account. Note the id field for the target VPC.
Send a GET request to the List NAT Gateway subscriptions endpoint to retrieve the gateway ID. Replace VPC_ID with the ID from the previous step.
console
```
$ curl "https://api.vultr.com/v2/vpcs/VPC_ID/nat-gateway" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"
```
The output displays NAT Gateway subscriptions for the VPC. Note the id field for the target gateway.
Send a GET request to the List NAT Gateway Port Forwarding Rules endpoint to retrieve port forwarding rule IDs. Replace VPC_ID and NAT_GATEWAY_ID with your values.
console
```
$ curl "https://api.vultr.com/v2/vpcs/VPC_ID/nat-gateway/NAT_GATEWAY_ID/global/port-forwarding-rules" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"
```
The output displays all port forwarding rules for the gateway. Each rule includes an id, name, external_port, internal_ip, and internal_port field. Note the id field for the rule you want to update.

Send a PUT request to the Update NAT Gateway Port Forwarding Rule endpoint. Replace VPC_ID, NAT_GATEWAY_ID, and PORT_FORWARDING_RULE_ID with your values. Specify the fields you want to update in the request body, including name, protocol (tcp, udp, or both), external_port, internal_ip, internal_port, enabled status, and description.

                            console
                            
                        
$ curl "https://api.vultr.com/v2/vpcs/VPC_ID/nat-gateway/NAT_GATEWAY_ID/global/port-forwarding-rules/PORT_FORWARDING_RULE_ID" \
    -X PUT \
    -H "Authorization: Bearer ${VULTR_API_KEY}" \
    -H "Content-Type: application/json" \
    --data '{
        "name": "ssh-to-webserver-updated",
        "protocol": "tcp",
        "external_port": 2223,
        "internal_ip": "10.0.0.10",
        "internal_port": 22,
        "enabled": true,
        "description": "SSH access - port updated to 2223"
    }'

Verify that the response contains the updated port forwarding rule configuration. The changes apply immediately and affect how traffic routes through the NAT Gateway to the internal destination.

List all VPCs in your account to retrieve the VPC ID.
console
```
$ vultr-cli vpc list
```
List NAT Gateway subscriptions for the VPC to retrieve the NAT Gateway ID.
console
```
$ vultr-cli vpc nat-gateway list <VPC_ID>
```

List port forwarding rules for the NAT Gateway.

                            console
                            
$ vultr-cli vpc nat-gateway port-forwarding-rule list <VPC_ID> <NAT_GATEWAY_ID>

Update the port forwarding rule.

                            console
                            
                        
$ vultr-cli vpc nat-gateway port-forwarding-rule update <VPC_ID> <NAT_GATEWAY_ID> <PORT_FORWARDING_RULE_ID> \
    --name="ssh-to-webserver-updated" --external-port=2223 \
    --description="SSH access - port updated to 2223"

Run vultr-cli vpc nat-gateway port-forwarding-rule update --help to view all available options. The changes apply immediately.

Modify the attributes in your existing vultr_nat_gateway_port_forwarding_rule resource block.

                            terraform
                            
                        
resource "vultr_nat_gateway_port_forwarding_rule" "ssh" {
    vpc_id         = vultr_vpc.my_vpc.id
    nat_gateway_id = vultr_nat_gateway.my_nat.id
    name           = "ssh-to-webserver-updated"
    protocol       = "tcp"
    external_port  = 2223
    internal_ip    = "10.0.0.10"
    internal_port  = 22
    enabled        = true
    description    = "SSH access - port updated to 2223"
}

Note

Changing vpc_id or nat_gateway_id causes Terraform to destroy and recreate the resource. Other fields can be updated in place.

Apply the configuration and observe the following output:

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

How to Update a NAT Gateway Port Forwarding Rule

Comments

Products

Features

Solutions

Marketplace

Resources

Company