How to configure NAT for Kafka?

To access your Kafka cluster from external networks via a public IP address, you can configure NAT by following the steps below:

Step 1: Open required port

Configure the Security Group to allow inbound access on port 9093 for all Kafka nodes. (Refer to Security Group configuration guide)

Step 2: Configure NAT (DNAT)

Set up DNAT rules using the public IP address (IP_PUBLIC) as follows:

For a 1-node Kafka cluster:
- DNAT IP_PUBLIC:9092 → IP_NODE_1:9093
For a 3-node Kafka cluster:
- DNAT IP_PUBLIC:9092 → IP_NODE_1:9093
- DNAT IP_PUBLIC:9093 → IP_NODE_2:9093
- DNAT IP_PUBLIC:9094 → IP_NODE_3:9093

Step 3: Configure Public Endpoint

Navigate to the Parameter Management page of the Kafka cluster (refer to here)
Select parameter type Static
Update the parameter public_endpoint with the configured IP_PUBLIC.
Click Save to apply changes.

Note : Changes to Static parameters require a cluster restart so the service may experience a brief interruption during the restart. Please perform NAT configuration during off-peak hours to minimize impact on applications.

Step 1: Open required port​

Step 2: Configure NAT (DNAT)​

Step 3: Configure Public Endpoint​

Step 1: Open required port

Step 2: Configure NAT (DNAT)

Step 3: Configure Public Endpoint