Skip to main content

Configure access to and from the Internet

For the cloud server, cloud load balancer, and Managed Database cluster, you can configure access to and from the Internet:

If a device only requires Internet access without access from the Internet, you can configure it via a cloud router.

Select an access method to and from the Internet

Public floating IP addressDirect public IP addressPublic subnetCloud router with Internet connection
Internet access
Access from the Internet
Available for devices
  • cloud server;
  • cloud load balancer;
  • Managed Database cluster
  • cloud server
  • cloud server;
  • cloud load balancer;
  • Managed Database cluster
  • cloud server
Minimum number of IP addresses to purchaseOne IP addressOne IP addressSubnet with size from /29One external IP address, included in the router cost
How traffic reaches the deviceTo a floating IP address, then NAT 1:1 via a cloud router to the deviceDirectly to the portDirectly to the portTo the external IP address of the router, then NAT 1:1 via a cloud router to the device
Available traffic filtering tools
  • cloud firewall;
  • security groups;
  • allowed IP/MAC addresses
  • security groups
  • security groups;
  • allowed IP/MAC addresses
  • Cloud firewall

Configure access to and from the Internet via a public floating IP address

To configure access to and from the Internet for devices in a private subnet, you must connect the subnet to a cloud router with Internet access and connect a public floating IP address to the device. The cloud router performs 1:1 NAT via an external IP address, which is allocated when the router is connected to the Internet: it organizes Internet access from the private subnet and handles incoming traffic packets for public floating IP addresses.

You can connect a public floating IP address when creating a cloud server, creating a cloud load balancer, creating a Managed Database cluster (example for PostgreSQL), and after creation.

The device must be located in a private subnet or a global router subnet that meets the requirements. To prepare the subnet, use the Prepare a private subnet for connecting a public floating IP address guide section Public Floating IP Addresses.

  1. Create a public floating IP address.
  2. Create a cloud router with Internet connection.
  3. Connect the private subnet to the cloud router.
  4. Connect a public floating IP address to the port of the device in the private subnet.
  5. If the subnet gateway does not match the cloud router IP address, configure a static route to the Internet in the subnet.

1. Create a public floating IP address

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to the Network section → Public IP addresses tab.
  3. Click Create IP address.
  4. Select the location where the public floating IP address will be created.
  5. Specify the number of public floating IP addresses — 1.
  6. Click Create.

2. Create a cloud router with Internet connection

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to the Network section → Cloud Routers tab.
  3. Click Create Router.
  4. Select the location where the cloud router will be created.
  5. Enter the router name.
  6. Select the Connect router to the internet checkbox — an external IP address will be assigned to the router.
  7. Click Create.

3. Connect a subnet to the cloud router

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.

  2. Go to the Network section → Cloud Routers tab.

  3. Open the router page.

  4. Click Connect subnet.

  5. Select a private subnet or a global router subnet.

  6. Optional: enter the router IP address—any available IP address from the subnet. If you do not specify an IP address, one will be automatically selected from the available addresses in the subnet.

    For devices in the subnet to access the internet without additional routes, the cloud router IP address must match the private subnet gateway. If the subnet gateway is already in use, you will need to configure a static route to the internet in the subnet via the cloud router.

    You can view the subnet gateway in the control panel: in the top menu, click ProductsCloud ServersNetwork → tab Private networks → network page → tab Subnets → subnet card → block Automatic network settings → field Subnet gateway.

  7. Click Connect.

4. Connect a public floating IP address to the device port in the private subnet

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to the Network section → Private networks tab.
  3. Open the network page → Ports tab.
  4. In the cloud server or load balancer port card, click Connect public IP.
  5. Select a public floating IP address.
  6. Click Connect.

5. Configure a static route to the Internet in the subnet

If, when connecting a subnet to a cloud router, you specified a router IP address that differs from the subnet gateway, you must configure a static route to the Internet in the subnet via a cloud router. When configuring, specify:

  • destination subnet — 0.0.0.0/0;
  • gateway (next-hop) — cloud router IP address.

Configure access to and from the Internet via a direct public IP address

For your information

Direct public IP addresses are unavailable in pools uz-1, uz-2, ke-1.

If your server uses a public floating IP address and you want to switch to a direct public one, use the Switch a cloud server from a floating public IP address to a direct public IP address section

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. In the Servers section, open the server page → Ports.
  3. Click Add port.
  4. In the Subnet field, select Direct public IP address.
  5. Select an existing IP address or click New IP address.
  6. Click Add.

Switch a cloud server from a floating public IP address to a direct public IP address

For your information

Direct public IP addresses are unavailable in pools uz-1, uz-2, ke-1.

Switching from a floating to a direct public IP address will allow you to stop using a cloud router — traffic will go directly to the cloud server port.

Note that:

  • The server's IP address will change because floating and direct public IP addresses are allocated from different public ranges;
  • you will not be able to use a cloud firewall to filter traffic;
  • you will not be able to set allowed IP/MAC addresses for the port. Traffic on a port with a public direct IP address can only be sent from a single IP/MAC address pair.

To switch to a direct public IP address:

  1. Connect a direct public IP address to the cloud server.
  2. If you had security groups configured other than the default group, assign them to the new port.
  3. Change the default gateway on the cloud server.
  4. Optional: check Internet access to and from the Internet.
  5. Optional: delete the cloud router.
  6. Optional: delete the public floating IP address.

1. Connect a direct public IP address to the cloud server

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. In the Servers section, open the server page → Ports.
  3. Click Add port.
  4. In the Subnet field, select Direct public IP address.
  5. Select an existing IP address or click New IP address.
  6. Click Add.

2. Assign security groups to the new port

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. In the Servers section, open the server page → Ports tab.
  3. In the old port card, check the list of security groups in the security group field.
  4. In the new port card, in the security group field, click .
  5. In the Security groups field, select the groups that were assigned to the old port.
  6. Click Save.

3. Change the default gateway on the cloud server

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. In the Servers section, open the server page → Ports tab.
  3. In the menu of the port, select Assign default gateway from subnet.
  4. Update the network settings on the server.

4. Optional: check Internet access to and from the Internet

  1. Open the CLI.

  2. Check server availability by the new IP address:

    ping <direct_public_ip>

    Specify <direct_public_ip> — the direct public IP address that you connected to the server.

  3. Connect to the server.

  4. From the server, check availability of any public IP address, for example:

    ping 8.8.8.8

5. Optional: delete the cloud router

You can delete a cloud router if it was used only for Internet access. Use the Delete cloud router guide section Cloud Routers.

6. Optional: delete the public floating IP address

After deletion, the public floating IP address will return to the pool of public addresses. You will not be able to purchase the same floating IP address again.

Use the Delete public floating IP address guide section Public Floating IP Addresses.

Configure access to and from the Internet via a public subnet

To configure access to and from the Internet via a public subnet, you must connect the device to the public subnet. For a load balancer and Managed Database cluster, this can only be done when creating a load balancer and creating a cluster (example for PostgreSQL). A cloud server can be connected to the public subnet either when creating the server, or after creation — to do this, you need to add the cloud server to the public subnet via a port.

  1. Create a public subnet.
  2. Add the cloud server to the public subnet via a port.

1. Create a public subnet

  1. In the Control panel, on the top menu click Products and select Cloud Servers.
  2. Go to the Network section → Public Networks tab.
  3. Click Create subnet.
  4. Select the location where the public subnet will be created.
  5. Select the subnet size — the range of IP addresses available in the subnet.
  6. Optional: to change DNS servers, click . Enter one to three values. Click .
  7. Click Create.

2. Add the cloud server to the public subnet via a port

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Open the server page → Ports tab.
  3. Click Add port.
  4. Select a public subnet.
  5. Enter the port IP address.
  6. Click Add port.

Configure Internet access via a cloud router

You can configure Internet access for devices in a private subnet without external access from the Internet.

To do this, you must connect a cloud router with Internet access to the private subnet or to the global router subnet where the device is located. If the cloud router is connected to the Internet, it performs 1:1 NAT to provide access from the private network to the Internet via the router's external IP address. The external address is used only for device-to-Internet access; you cannot connect to devices in the subnet using it.

  1. Create a cloud router with Internet connection.
  2. Connect the private subnet to the cloud router.
  3. If the subnet gateway does not match the cloud router IP address, configure a static route to the Internet in the subnet.

1. Create a cloud router with Internet connection

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to the Network section → Cloud Routers tab.
  3. Click Create Router.
  4. Select the location where the cloud router will be created.
  5. Enter the router name.
  6. Select the Connect router to the internet checkbox — an external IP address will be assigned to the router.
  7. Click Create.

2. Connect a subnet to the cloud router

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.

  2. Go to the Network section → Cloud Routers tab.

  3. Open the router page.

  4. Click Connect subnet.

  5. Select a private subnet or a global router subnet.

  6. Optional: enter the router IP address—any available IP address from the subnet. If you do not specify an IP address, one will be automatically selected from the available addresses in the subnet.

    For devices in the subnet to access the internet without additional routes, the cloud router IP address must match the private subnet gateway. If the subnet gateway is already in use, you will need to configure a static route to the internet in the subnet via the cloud router.

    You can view the subnet gateway in the control panel: in the top menu, click ProductsCloud ServersNetwork → tab Private networks → network page → tab Subnets → subnet card → block Automatic network settings → field Subnet gateway.

  7. Click Connect.

3. Configure a static route to the Internet in the subnet

If, when connecting a subnet to a cloud router, you specified a router address that differs from the subnet gateway, you must configure a static route to the Internet in the subnet via a cloud router. When configuring, specify:

  • destination subnet — 0.0.0.0/0;
  • gateway (next-hop) — cloud router IP address.