Set up access to and from the Internet
You can configure access to and from the Internet for the cloud server, cloud load balancer, and cloud database cluster:
- over a public IP address. This method is more secure, as you can configure filtering of incoming traffic for the private subnet via the cloud firewall;
- over a public subnet.
If the device only requires access to the Internet, without access from the Internet, you can configure it through a cloud router.
Set up access to and from the Internet via a public IP address
To configure access to and from the Internet for devices on the private subnet, you must connect the subnet to a cloud router with access to the external network and connect a public IP address to the device. The cloud router acts as a 1:1 NAT via the external IP address that is allocated when the router is connected to the external network: it provides access to the Internet from the private subnet and processes incoming packets for the public IP addresses.
You can connect a public IP address when creating a cloud server, a cloud load balancer, or a cloud database cluster (PostgreSQL example), as well as after creation.
The device must be on a private subnet or a global router subnet that meets the requirements. To prepare the subnet, use the instructions in Prepare a private subnet to connect a public IP address.
- Create a public IP address.
- Create a cloud router that connects to an external network.
- Connect a private subnet to the cloud router.
- Connect a public IP address to a device port on the private subnet.
Create a public IP address
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Public IP addresses tab.
- Click Create an IP address.
- Select the pool in which the public IP address will be created.
- Specify the number of public IP addresses: 1.
- Click Create.
OpenStack CLI
- Create a public IP address:
openstack floating ip create external-network
Create a cloud router with connection to an external network
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Routers tab.
- Click Create a router.
- Select the pool in which the cloud router will be created.
- Enter the name of the router.
- Check the box Connect the router to an external network. An external IP address will be assigned to the router.
- Click Create.
OpenStack CLI
- Create a cloud router:
openstack router create <router_name>
Specify <router_name>, the name of the cloud router.
- Connect the cloud router to an external network. An external IP address will be assigned to the router:
openstack router set --external-gateway external-network <router>
Specify <router>, the ID or name of the cloud router; you can view it with the command openstack router list.
Connect a subnet to the cloud router
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Routers tab.
- Open the router card.
- Click Add a subnet.
- Select a private subnet or a global router subnet.
- Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. To view the default gateway of the private subnet, go to the Private networks tab → network card → Subnetworks tab → subnet row → Gateway column.
  If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and be different from the global router's IP address, the IP addresses of devices on the network, and the service addresses .253 and .254.
- Click Add a subnet.
OpenStack CLI
- Connect the subnet to the cloud router:
openstack router add subnet <router> <subnet>
Specify:
<router>, the ID or name of the cloud router; you can view it with the command openstack router list;
<subnet>, the ID or name of the private subnet; you can view it with the command openstack subnet list.
Connect a public IP address to a device port on a private subnet
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Private networks tab.
- Open the network card → Ports tab.
- In the port row, in the Public IP column, click Connect.
- Select a public IP address.
OpenStack CLI
- Connect a public IP address to the port:
openstack floating ip set --port <port> <public_ip_address>
Specify:
<port>, the port ID of the cloud server or load balancer; you can view it with the command openstack port list;
<public_ip_address>, the ID or the public IP address; you can view it with the command openstack floating ip list.
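The four steps above chained into one script, as an added example that is not part of the original documentation. The function names and the early gateway check are assumptions of this example; the .253/.254 rule that the page states for global router subnets is applied here, conservatively, to any subnet.

```shell
#!/bin/sh
# Added example, not the provider's own tooling. Function names are
# hypothetical; "external-network" is the network name used on this page.

# Refuse to start if the router could not take over the subnet's default
# gateway. The page reserves .253/.254 on global router subnets; this check
# conservatively rejects them on any subnet (an assumption of this example).
check_gateway() {
    gw=$(openstack subnet show "$1" -f value -c gateway_ip) || return 1
    case "$gw" in
        ""|None) echo "subnet $1 has no default gateway" >&2; return 1 ;;
        *.253|*.254) echo "gateway $gw is a service address" >&2; return 1 ;;
    esac
}

# Usage: setup_public_ip_access <router_name> <subnet> <port>
setup_public_ip_access() {
    router_name=$1; subnet=$2; port=$3

    # Validate before creating anything, so a failure leaves no orphaned IP.
    check_gateway "$subnet" || return 1

    # Step 1: create the public IP address and keep its ID.
    fip=$(openstack floating ip create external-network -f value -c id) || return 1

    # Step 2: create the router, then give it an external gateway.
    router=$(openstack router create "$router_name" -f value -c id) || return 1
    openstack router set --external-gateway external-network "$router" || return 1

    # Step 3: connect the private subnet to the router.
    openstack router add subnet "$router" "$subnet" || return 1

    # Step 4: the subnet now has a path outside, so the address can be bound.
    openstack floating ip set --port "$port" "$fip" || return 1

    # Print the public address that now maps 1:1 to the port, so that it can
    # be covered by cloud firewall rules.
    openstack floating ip show "$fip" -f value -c floating_ip_address
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    setup_public_ip_access "$@"
fi
```
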
Configure access to and from the Internet via a public subnet
To set up access to and from the Internet through a public subnet, you must connect the device to a public subnet. For a load balancer and a cloud database cluster, this can only be done when creating a balancer and when creating a cluster (example for PostgreSQL). A cloud server can be connected to a public subnet either when the server is created or after creation; to do this, add the cloud server to the public subnet via a port.
Create a public subnet
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Public subnets tab.
- Click Create a subnet.
- Select the pool in which the public subnet will be created.
- Select the subnet size, that is, the range of IP addresses available on the subnet.
- Optional: To change the DNS servers, tap . Enter one to three values. Press .
- Click Create.
Add the cloud server to the public subnet via port
Control panel
- In the control panel, go to Cloud platform → Servers.
- Open the server page → Ports tab.
- Click Add a port.
- Select a public subnet.
- Enter the IP address of the port.
- Click Add a port.
OpenStack CLI
- Create a port on the public subnet:
openstack port create \
  --network <subnet> \
  --fixed-ip subnet=<subnet>,ip-address=<port_ip_address> \
  <port_name>
Specify:
<subnet>, the ID or name of the public subnet; you can view it with the command openstack network list;
<port_ip_address>, the IP address of the port;
<port_name>, the port name.
- Add a port to the cloud server:
openstack server add port <server> <port>
Specify:
<server>, the ID or name of the cloud server; you can view it with the command openstack server list;
<port>, the ID or name of the port; you can view it with the command openstack port list.
Set up internet access via cloud router
You can configure Internet access for devices on a private subnet without external access from the Internet.
To do this, connect a cloud router with external network access to the private subnet or global router subnet where the device resides. If the cloud router is connected to an external network, it acts as a 1:1 NAT for access from the private network to the Internet via the router's external IP address. The external address is only used to access the Internet from the device; it cannot be used to connect to devices on the subnet.
- Create a cloud router that connects to an external network.
- Connect a private subnet to the cloud router.
Create a cloud router with connection to an external network
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Routers tab.
- Click Create a router.
- Select the pool in which the cloud router will be created.
- Enter the name of the router.
- Check the box Connect the router to an external network. An external IP address will be assigned to the router.
- Click Create.
OpenStack CLI
- Create a cloud router:
openstack router create <router_name>
Specify <router_name>, the name of the cloud router.
- Connect the cloud router to an external network. An external IP address will be assigned to the router:
openstack router set --external-gateway external-network <router>
Specify <router>, the ID or name of the cloud router; you can view it with the command openstack router list.
Connect the subnet to the cloud router
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Routers tab.
- Open the router card.
- Click Add a subnet.
- Select a private subnet or a global router subnet.
- Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. To view the default gateway of the private subnet, go to the Private networks tab → network card → Subnetworks tab → subnet row → Gateway column.
  If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and be different from the global router's IP address, the IP addresses of devices on the network, and the service addresses .253 and .254.
- Click Add a subnet.
OpenStack CLI
- Connect the subnet to the cloud router:
openstack router add subnet <router> <subnet>
Specify:
<router>, the ID or name of the cloud router; you can view it with the command openstack router list;
<subnet>, the ID or name of the private subnet; you can view it with the command openstack subnet list.