Skip to main content
Public IP addresses
Last update:

Public IP addresses

Public static IP addresses can be connected to devices to configure access to them from the Internet: cloud server, load balancer, cloud database cluster.

To access, the device must be on a private subnet connected to a cloud router with access to the external network — see Prepare a private subnet to connect a public IP address for details. The public IP address is associated with the private IP address of the device, and incoming traffic is handled by the cloud router — it acts as a 1:1 NAT through the external IP address that is allocated when the router is connected to the external network. Incoming traffic can be filtered using a cloud firewall or security group.

When created, the public IP address is automatically allocated from the address pool and cannot be selected. The address is floating (in API — Floating IP), as it can be quickly switched between devices in private subnets. When switching, the address is not changed or deleted.

A public IP address can only be used within one project and one pool.

For public IP addresses there is a limit on the amount of traffic — bandwidth. You can see it in the Bandwidth table.

You can work with public IP addresses in the control panel, using the OpenStack CLI or Terraform.

Create a public IP address

If you create the first public IP address within the project and pool, a private nat network and router-nat cloud router will automatically be created.

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkPublic IP Addresses tab.
  3. Click Create IP Address.
  4. Select the pool where the public IP address will be created.
  5. Specify the number of public IP addresses.
  6. Click Create.

Prepare a private subnet to connect a public IP address

To set up access to and from the Internet via a public IP address, you need to connect it to your device.

The device must be on a private subnet or global router subnet that meets the requirements:

  • subnet must be connected to a cloud router connected to an external network. If the cloud router is connected to an external network, it acts as a 1:1 NAT for access from the private network to the Internet via the external address of the router and for access to the device in the private subnet from the Internet via the public IP address;
  • The private IP address of the cloud router must match the default gateway on the subnet.

If the subnet does not meet the requirements, prepare it to connect a public IP address:

  1. Create a cloud router with a connection to an external network.
  2. Connect the private subnet to the cloud router.

1. Create a cloud router with a connection to an external network

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. Click Create router.
  4. Select the pool where the cloud router will be created.
  5. Enter the name of the router.
  6. Check the box Connect router to external network — an external IP address will be assigned to the router.
  7. Click Create.

2. Connect the subnet to the cloud router

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkCloud routers tab.

  3. Open the router card.

  4. Click Add Subnet.

  5. Select a private subnet or a global router subnet.

  6. Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. You can view the gateway in the control panel: in the top menu, click ProductsCloud ServersNetworkPrivate Networks tab → Network page → Subnets tab → Subnet card → Automatic Network Settings block → Subnet Gateway field.

    If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and must be different from the global router IP address, the IP addresses of the devices on the network, and the .253 and .254 service addresses.

  7. Click Add Subnet.

Connect a public IP address to a cloud server

You can connect a public IP address when you create a cloud server or to an already created server.

  1. Ensure that the cloud server is on a subnet that meets the requirements. To prepare the subnet, use the instructions Prepare a private subnet to connect a public IP address. You can view the server subnets in the Control Panel: from the top menu, click ProductsCloud Servers → Server page → Ports tab.
  2. In the dashboard, on the top menu, click Products and select Cloud Servers.
  3. Open the server page → Ports tab.
  4. In the port card, click Connect Public IP.
  5. Select a public IP address.

Disconnect the public IP address from the cloud server

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Open the server page → Ports tab.
  3. In the port card, click next to the public IP address.
  4. Select Disable public IP address.
  5. Click Save.

Connect a public IP address to the load balancer

A static public IP address can be connected when creating a balancer or to an already created balancer.

  1. Make sure the load balancer is on a subnet that meets the requirements. To prepare the subnet, use the instructions Prepare a private subnet to connect a public IP address. You can view the subnets of the load balancer in the Control Panel: in the top menu, click ProductsCloud ServersBalancersBalancers tab → Balancers page → Balancer page → Settings block → Network field.
  2. In the dashboard, on the top menu, click Products and select Cloud Servers.
  3. Go to BalancersBalancers tab.
  4. In the balancer card, click Connect Public IP.
  5. Select a public IP address.
  6. Click Connect.

Disconnect the public IP address from the load balancer

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to BalancersBalancers tab.
  3. In the balancer card of the public IP address, click .
  4. Select Disable public IP address.
  5. Click Save.

Connect a public IP address to a cloud database cluster

A public IP address can be connected when creating a database cluster (example for PostgreSQL) or to an already created cluster.

  1. Ensure that the cloud database cluster is on a subnet that meets the requirements. To prepare the subnet, use the instructions Prepare a private subnet to connect a public IP address. You can view the cluster subnets in the Control Panel: from the top menu, click ProductsCloud DatabasesCluster page → Settings tab → Cluster Network field.
  2. In the Control panel, on the top menu, click Products and select Cloud Databases.
  3. Open the Database Cluster page → Settings tab.
  4. In the Node Addresses and Statuses block, in the line with the node, click Connect Public IP.
  5. Select a public IP address.
  6. Click Connect.

Disconnect the public IP address from the cloud database cluster

  1. In the Control panel, on the top menu, click Products and select Cloud Databases.
  2. Open the Database Cluster page → Settings tab.
  3. In the Node Addresses and Statuses block, in the row with the node, click .
  4. Click Delete.

Configure NAT

To configure NAT, you need port forwarding, which is a way to redirect traffic from one port to another port. For example, you can configure port forwarding on a public IP address to any port on a private subnet — in this case, access to the private port will be organized without creating an additional public IP address.

The public IP address must not be associated with the cloud server, load balancer, or other devices before configuring port forwarding.

Selectel has some TCP/UDP ports blocked by default, traffic through them is blocked.

  1. Open the OpenStack CLI.

  2. Configure port forwarding:

    openstack floating ip port forwarding create \
      --internal-ip-address <internal_ip_address> \
      --port <port> \
      --internal-protocol-port <internal_protocol> \
      --external-protocol-port <external_protocol> \
      --protocol <protocol> \
      <public_ip_address>

    Specify:

    • <internal_ip_address> — The IP address of the port on the private subnet to which the forwarding will be performed;
    • <port> -ID or the name of the port on the private network to which the forwarding will be performed can be viewed with the command openstack port list;
    • <internal_protocol> — protocol of a port on a private subnet;
    • <external_protocol> — the port protocol of the public IP address whose port is being forwarded;
    • <protocol> — Protocol: tcp or udp;
    • <public_ip_address> — The ID or public IP address whose port is being forwarded. You can view it with the command openstack floating ip list.

    Example of a command:

    openstack floating ip port forwarding create \
      --internal-ip-address 192.168.0.2 \
      --port ed010217-9f78-4002-8703-2112da3fef1f \
      --internal-protocol-port 80 \
      --external-protocol-port 80 \
      --protocol tcp \
      192.0.2.7

Delete public IP address

After deletion, the public IP address will return to the public address pool.

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkPublic IP Addresses tab.
  3. In the public IP address card, click .
  4. Enter the IP address to confirm the deletion.
  5. Click Delete.