Public IP addresses

Public static IP addresses can be connected to devices to allow access to them from the Internet: to a cloud server, load balancer, Managed Database cluster.

For access, the device must be in a private subnet connected to a cloud router with Internet access — see Prepare a private subnet for connecting a public IP address. A public IP address is associated with the device's private IP address, and incoming traffic is processed by the cloud router — it performs 1:1 NAT via the external IP address assigned when the router is connected to the Internet. Incoming traffic can be filtered using an cloud firewall or security group.

When created, a public IP address is automatically allocated from the address pool; it cannot be selected. The address is floating (floating IP in the API) because it can be quickly switched between devices in private subnets. When switched, the address does not change or get deleted.

A public IP address can only be used within one project and one pool.

Public IP addresses have bandwidth limits. You can view them in the Bandwidth table.

You can work with public IP addresses in the control panel, using OpenStack CLI or Terraform.

Create a public IP address

If you are creating the first public IP address within a project and pool, a private network named nat and a cloud router named router-nat will be created automatically.

Control Panel
OpenStack CLI

In the Control panel, on the top menu, click Products and select Cloud Servers.
Go to the Network section → Public IP addresses tab.
Click Create IP address.
Select the location where the public IP address will be created.
Specify the number of public IP addresses.
Click Create.

Prepare a private subnet for connecting a public IP address

To configure access to and from the Internet via a public IP address, you need to connect it to a device.

The device must be located in a private subnet or a global router subnet that meets the following requirements:

the subnet must be connected to a cloud router connected to the Internet. If the cloud router is connected to the Internet, it functions as a 1:1 NAT for access from the private network to the Internet via the router's external address and for access to the device in the private subnet from the Internet via the public IP address;
the private IP address of the cloud router must match the default gateway in the subnet.

If the subnet does not meet the requirements, prepare it for connecting a public IP address:

Create a cloud router with Internet access.
Connect a private subnet to the cloud router.

1. Create a cloud router with Internet access

Control panel
OpenStack CLI

In the Control panel, on the top menu, click Products and select Cloud Servers.
Go to the Network section → Cloud Routers tab.
Click Create Router.
Select the location where the cloud router will be created.
Enter the router name.
Select the Connect router to the internet checkbox — an external IP address will be assigned to the router.
Click Create.

2. Connect the subnet to the cloud router

Control panel
OpenStack CLI

In the Control panel, on the top menu, click Products and select Cloud Servers.
Go to the Network section → Cloud Routers tab.
Open the router page.
Click Connect subnet.
Select a private subnet or a global router subnet.
Optional: enter the router IP address—any available IP address from the subnet. If you do not specify an IP address, one will be automatically selected from the available addresses in the subnet.

For devices in the subnet to access the internet without additional routes, the cloud router IP address must match the private subnet gateway. If the subnet gateway is already in use, you will need to configure a static route to the internet in the subnet via the cloud router.

You can view the subnet gateway in the control panel: in the top menu, click Products → Cloud Servers → Network → tab Private networks → network page → tab Subnets → subnet card → block Automatic network settings → field Subnet gateway.
Click Connect.

Connect a public IP address to a cloud server

You can connect a public IP address when creating a cloud server or to an already created server.

Control Panel
OpenStack CLI

Make sure the cloud server is in a subnet that meets the requirements; for more details, see Prepare a private subnet for connecting a public IP address. You can view server subnets in the control panel: in the top menu, click Products → Cloud Servers → server page → Ports tab.
In the Control panel, on the top menu, click Products and select Cloud Servers.
Go to Network.
Open the Public IP addresses tab.
In the public IP address card, click .
Select the private IP address of the cloud server.
Click Save.

Disconnect a public IP address from a cloud server

Control Panel
OpenStack CLI

In the Control panel, on the top menu, click Products and select Cloud Servers.
Go to the Network section.
Open the Public IP addresses tab.
In the public IP address card, click .
In the New private IP for NAT field, select Disconnect current.
Click Save.

Connect a public IP address to a load balancer

You can connect a static public IP address when creating a load balancer or to an already created load balancer.

Control Panel
OpenStack CLI

Make sure the load balancer is located in a subnet that meets the requirements; for more info, see Prepare a private subnet for connecting a public IP address. You can view the load balancer subnets in the Control Panel: on the top menu, click Products → Cloud Servers → Load Balancers → Load Balancers tab → load balancer page → Settings block → Network field.
In the Control panel, on the top menu, click Products and select Cloud Servers.
Go to Network.
Open the Public IP addresses tab.
In the public IP address card, click .
Select the private IP address of the load balancer.
Click Save.

Disconnect a public IP address from a load balancer

Control Panel
OpenStack CLI

In the Control panel, on the top menu, click Products and select Cloud Servers.
Go to the Network section.
Open the Public IP addresses tab.
In the public IP address card, click .
In the New private IP for NAT field, select Disconnect current.
Click Save.

Connect a public IP address to a Managed Database cluster

You can connect a public IP address when creating a database cluster (example for PostgreSQL) or to an already created cluster.

Control Panel

Make sure the Managed Database cluster is in a subnet that meets the requirements; for more details, see Prepare a private subnet for connecting a public IP address. You can view cluster subnets in the control panel: in the top menu, click Products → Managed Databases → cluster page → Settings tab → Cluster network field.
In the Control panel, on the top menu, click Products and select Managed Databases.
Go to Network.
Open the Public IP addresses tab.
In the public IP address card, click .
Select the node's private IP address.
Click Save.

Disconnect a public IP address from a Managed Database cluster

Control Panel

In the Control panel, on the top menu, click Products and select Managed Databases.
Go to Network.
Open the Public IP addresses tab.
In the public IP address card, click .
In the New private address for NAT traffic field, select Disconnect from current.
Click Save.

Switch a public IP address between devices

Control Panel
OpenStack CLI

In the Control panel, on the top menu, click Products and select Cloud Servers.
Go to Network.
Open the Public IP addresses tab.
In the public IP address card, click .
Select a new private IP address for NAT traffic.
Click Save.

Configure NAT

To configure NAT, you need to use port forwarding — configure traffic redirection from one port to another. For example, you can configure port forwarding on a public IP address to any port in a private subnet — in this case, access to the private port will be organized without creating an additional public IP address.

Before you start configuring port forwarding, the public IP address must not be associated with a cloud server, load balancer, or other devices.

In Servercore, some TCP/UDP ports are blocked by default, and traffic through them is prohibited.

OpenStack CLI

Open OpenStack CLI.
Configure port forwarding:
```
openstack floating ip port forwarding create \
  --internal-ip-address <internal_ip_address> \
  --port <port> \
  --internal-protocol-port <internal_protocol> \
  --external-protocol-port <external_protocol> \
  --protocol <protocol> \
  <public_ip_address>
```
Specify:
- <internal_ip_address> — the IP address of the port in the private subnet to which forwarding will occur;
- <port> — ID or name of the port in the private network to which the forwarding will be applied; you can view it using the openstack port list command;
- <internal_protocol> — the protocol of the port in the private subnet;
- <external_protocol> — the protocol of the public IP address port being forwarded;
- <protocol> — protocol: tcp or udp;
- <public_ip_address> — ID or public IP address of the port being forwarded. You can view it using the openstack floating ip list command.
Example command:
```
openstack floating ip port forwarding create \
  --internal-ip-address 192.168.0.2 \
  --port ed010217-9f78-4002-8703-2112da3fef1f \
  --internal-protocol-port 80 \
  --external-protocol-port 80 \
  --protocol tcp \
  192.0.2.7
```

Delete a public IP address

After deletion, the public IP address will be returned to the pool of public addresses.

Control Panel
OpenStack CLI

In the Control panel, on the top menu, click Products and select Cloud Servers.
Go to the Network section → Public IP addresses tab.
In the public IP address card, click .
Enter the IP address to confirm deletion.
Click Delete.