Configure access to and from the Internet
For the cloud server, cloud load balancer, and Managed Database cluster, you can configure access to and from the Internet:
- via a public floating IP address;
- via a direct public IP address — for cloud server only;
- via a public subnet.
If a device only requires Internet access without access from the Internet, you can configure it via a cloud router.
Select an access method to and from the Internet
Configure access to and from the Internet via a public floating IP address
To configure access to and from the Internet for devices in a private subnet, you must connect the subnet to a cloud router with Internet access and connect a public floating IP address to the device. The cloud router performs 1:1 NAT via an external IP address, which is allocated when the router is connected to the Internet: it organizes Internet access from the private subnet and handles incoming traffic packets for public floating IP addresses.
You can connect a public floating IP address when creating a cloud server, creating a cloud load balancer, creating a Managed Database cluster (example for PostgreSQL), and after creation.
The device must be located in a private subnet or a global router subnet that meets the requirements. To prepare the subnet, use the Prepare a private subnet for connecting a public floating IP address guide section Public Floating IP Addresses.
- Create a public floating IP address.
- Create a cloud router with Internet connection.
- Connect the private subnet to the cloud router.
- Connect a public floating IP address to the port of the device in the private subnet.
- If the subnet gateway does not match the cloud router IP address, configure a static route to the Internet in the subnet.
1. Create a public floating IP address
Control panel
OpenStack CLI
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to the Network section → Public IP addresses tab.
- Click Create IP address.
- Select the location where the public floating IP address will be created.
- Specify the number of public floating IP addresses — 1.
- Click Create.
2. Create a cloud router with Internet connection
Control panel
OpenStack CLI
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to the Network section → Cloud Routers tab.
- Click Create Router.
- Select the location where the cloud router will be created.
- Enter the router name.
- Select the Connect router to the internet checkbox — an external IP address will be assigned to the router.
- Click Create.
3. Connect a subnet to the cloud router
Control panel
OpenStack CLI
-
In the Control panel, on the top menu, click Products and select Cloud Servers.
-
Go to the Network section → Cloud Routers tab.
-
Open the router page.
-
Click Connect subnet.
-
Select a private subnet or a global router subnet.
-
Optional: enter the router IP address—any available IP address from the subnet. If you do not specify an IP address, one will be automatically selected from the available addresses in the subnet.
For devices in the subnet to access the internet without additional routes, the cloud router IP address must match the private subnet gateway. If the subnet gateway is already in use, you will need to configure a static route to the internet in the subnet via the cloud router.
You can view the subnet gateway in the control panel: in the top menu, click Products → Cloud Servers → Network → tab Private networks → network page → tab Subnets → subnet card → block Automatic network settings → field Subnet gateway.
-
Click Connect.
4. Connect a public floating IP address to the device port in the private subnet
Control panel
OpenStack CLI
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to the Network section → Private networks tab.
- Open the network page → Ports tab.
- In the cloud server or load balancer port card, click Connect public IP.
- Select a public floating IP address.
- Click Connect.
5. Configure a static route to the Internet in the subnet
If, when connecting a subnet to a cloud router, you specified a router IP address that differs from the subnet gateway, you must configure a static route to the Internet in the subnet via a cloud router. When configuring, specify:
- destination subnet —
0.0.0.0/0; - gateway (next-hop) — cloud router IP address.
Configure access to and from the Internet via a direct public IP address
Direct public IP addresses are unavailable in pools uz-1, uz-2, ke-1.
If your server uses a public floating IP address and you want to switch to a direct public one, use the Switch a cloud server from a floating public IP address to a direct public IP address section
Control panel
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- In the Servers section, open the server page → Ports.
- Click Add port.
- In the Subnet field, select Direct public IP address.
- Select an existing IP address or click New IP address.
- Click Add.
Switch a cloud server from a floating public IP address to a direct public IP address
Direct public IP addresses are unavailable in pools uz-1, uz-2, ke-1.
Switching from a floating to a direct public IP address will allow you to stop using a cloud router — traffic will go directly to the cloud server port.
Note that:
- The server's IP address will change because floating and direct public IP addresses are allocated from different public ranges;
- you will not be able to use a cloud firewall to filter traffic;
- you will not be able to set allowed IP/MAC addresses for the port. Traffic on a port with a public direct IP address can only be sent from a single IP/MAC address pair.
To switch to a direct public IP address:
- Connect a direct public IP address to the cloud server.
- If you had security groups configured other than the default group, assign them to the new port.
- Change the default gateway on the cloud server.
- Optional: check Internet access to and from the Internet.
- Optional: delete the cloud router.
- Optional: delete the public floating IP address.
1. Connect a direct public IP address to the cloud server
Control panel
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- In the Servers section, open the server page → Ports.
- Click Add port.
- In the Subnet field, select Direct public IP address.
- Select an existing IP address or click New IP address.
- Click Add.
2. Assign security groups to the new port
Control panel
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- In the Servers section, open the server page → Ports tab.
- In the old port card, check the list of security groups in the security group field.
- In the new port card, in the security group field, click .
- In the Security groups field, select the groups that were assigned to the old port.
- Click Save.
3. Change the default gateway on the cloud server
Control panel
OpenStack CLI
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- In the Servers section, open the server page → Ports tab.
- In the menu of the port, select Assign default gateway from subnet.
- Update the network settings on the server.
4. Optional: check Internet access to and from the Internet
-
Open the CLI.
-
Check server availability by the new IP address:
ping <direct_public_ip>Specify
<direct_public_ip>— the direct public IP address that you connected to the server. -
Connect to the server.
-
From the server, check availability of any public IP address, for example:
ping 8.8.8.8
5. Optional: delete the cloud router
You can delete a cloud router if it was used only for Internet access. Use the Delete cloud router guide section Cloud Routers.
6. Optional: delete the public floating IP address
After deletion, the public floating IP address will return to the pool of public addresses. You will not be able to purchase the same floating IP address again.
Use the Delete public floating IP address guide section Public Floating IP Addresses.
Configure access to and from the Internet via a public subnet
To configure access to and from the Internet via a public subnet, you must connect the device to the public subnet. For a load balancer and Managed Database cluster, this can only be done when creating a load balancer and creating a cluster (example for PostgreSQL). A cloud server can be connected to the public subnet either when creating the server, or after creation — to do this, you need to add the cloud server to the public subnet via a port.
1. Create a public subnet
Control panel
- In the Control panel, on the top menu click Products and select Cloud Servers.
- Go to the Network section → Public Networks tab.
- Click Create subnet.
- Select the location where the public subnet will be created.
- Select the subnet size — the range of IP addresses available in the subnet.
- Optional: to change DNS servers, click . Enter one to three values. Click .
- Click Create.
2. Add the cloud server to the public subnet via a port
Control panel
OpenStack CLI
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Open the server page → Ports tab.
- Click Add port.
- Select a public subnet.
- Enter the port IP address.
- Click Add port.
Configure Internet access via a cloud router
You can configure Internet access for devices in a private subnet without external access from the Internet.
To do this, you must connect a cloud router with Internet access to the private subnet or to the global router subnet where the device is located. If the cloud router is connected to the Internet, it performs 1:1 NAT to provide access from the private network to the Internet via the router's external IP address. The external address is used only for device-to-Internet access; you cannot connect to devices in the subnet using it.
- Create a cloud router with Internet connection.
- Connect the private subnet to the cloud router.
- If the subnet gateway does not match the cloud router IP address, configure a static route to the Internet in the subnet.
1. Create a cloud router with Internet connection
Control panel
OpenStack CLI
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to the Network section → Cloud Routers tab.
- Click Create Router.
- Select the location where the cloud router will be created.
- Enter the router name.
- Select the Connect router to the internet checkbox — an external IP address will be assigned to the router.
- Click Create.
2. Connect a subnet to the cloud router
Control panel
OpenStack CLI
-
In the Control panel, on the top menu, click Products and select Cloud Servers.
-
Go to the Network section → Cloud Routers tab.
-
Open the router page.
-
Click Connect subnet.
-
Select a private subnet or a global router subnet.
-
Optional: enter the router IP address—any available IP address from the subnet. If you do not specify an IP address, one will be automatically selected from the available addresses in the subnet.
For devices in the subnet to access the internet without additional routes, the cloud router IP address must match the private subnet gateway. If the subnet gateway is already in use, you will need to configure a static route to the internet in the subnet via the cloud router.
You can view the subnet gateway in the control panel: in the top menu, click Products → Cloud Servers → Network → tab Private networks → network page → tab Subnets → subnet card → block Automatic network settings → field Subnet gateway.
-
Click Connect.
3. Configure a static route to the Internet in the subnet
If, when connecting a subnet to a cloud router, you specified a router address that differs from the subnet gateway, you must configure a static route to the Internet in the subnet via a cloud router. When configuring, specify:
- destination subnet —
0.0.0.0/0; - gateway (next-hop) — cloud router IP address.