How to Set Up a Network
Follow these steps to create a network in the HTML5 console:
- Go to the Networks tab.
- Click Add.
- Enter the network name and its description if necessary.
- Select the routed network type with Internet access.
- Fill in the network settings in the new window:
  - Network Gateway — gateway address, for example 192.168.10.1/24;
  - Primary DNS — primary DNS address, for example 8.8.8.8;
  - in the Static IP pool field, enter a range of addresses that will be automatically assigned to your VMs in the future and click New. Please note that the input must be in the xxx.xxx.xxx.xxx — yyy.yyy.yyy.yyy format, where xxx.xxx.xxx.xxx is the start subnet address and yyy.yyy.yyy.yyy is the end subnet address. For example, 192.168.10.2 — 192.168.10.22. Addresses from the specified pool will be allocated for your VMs. The number of available IPs (total: 20) will be indicated below.
- Click Save.
External IP Address of the VDC
Follow these steps to view the external IP address:
- Go to the Edges tab.
- Right-click on the desired edge.
- The external IP address is shown in the IP Addresses field of the Edge Gateway Settings block that opens.
Configuring Edges
Follow these steps to configure the gateway:
- Go to the Edges tab.
- Click Converted to advanced.
- Click Configure services.
You can configure Firewall and NAT rules in the new window.
Configuring NAT Rules
What is NAT?
NAT (Network Address Translation) is a method of remapping private IP addresses to external addresses in IPv4, which allows the VM to access the Internet. The private network uses three blocks of private (gray) IP addresses that are not used on the Internet:
- 10.0.0.0/8: 10.0.0.0 to 10.255.255.255 (16777216 hosts);
- 172.16.0.0/12: 172.16.0.0 to 172.31.255.255 (1048576 hosts);
- 192.168.0.0/16: 192.168.0.0 to 192.168.255.255 (65536 hosts).
Any organization has the right to use private IP addresses (also called intranet, local, or gray) at its sole option without registering with any organization.
To access the Internet, you need a white (public) IP address that “masks” one or more private IPs. The NAT mechanism replaces gray IP addresses with white ones and vice versa. This allows the entire private network to connect to the Internet through a single public IP address (or address pool) provided by the ISP, so global addresses are used much more economically.
NAT also has an important security feature: translating private IP addresses to public ones from the router pool hides the topology of the internal network from external users, which makes unauthorized access to network resources more difficult.
Creating SNAT Rules
Before configuring NAT rules, verify the external IP address of the VDC. Make sure the Firewall is enabled and configured; otherwise, NAT will not work.
Configure an SNAT rule to allow VMs to access the Internet:
- Go to the Edges tab.
- Click Configure services.
- Go to the NAT tab.
- There are two blocks in NAT rules, NAT44 Rules and NAT64 Rules. NAT44 means using IPv4 and NAT64 means using IPv6. Currently, IPv6 support is not implemented and only the NAT44 section needs to be filled in.
- Click + SNAT Rule.
- Fill in the following fields in the new window:
  - select an external network in the Applied on field;
  - specify the address from the local range, for example, 192.168.0.2 (when using the 192.168.0.0/24 subnet) in the Original source IP/Range field;
  - specify the external address assigned to your edge router in the Translated source IP/Range field.
- Click Keep.
Creating DNAT Rules
DNAT is a mechanism for changing the destination IP address of a packet, as well as the destination port. It is used to redirect incoming packets from an external IP address/port to a private IP address/port within a private network.
You need to configure a DNAT rule to receive packets from the Internet:
- Go to the Edges tab.
- Click Configure services.
- Go to the NAT tab.
- There are two blocks in NAT rules, NAT44 Rules and NAT64 Rules. NAT44 means using IPv4 and NAT64 means using IPv6. It is recommended to fill in the NAT44 block.
- Click + DNAT Rule.
- Fill in the following fields in the new window:
  - select an external network in the Applied on field (as with SNAT, this is not an organization-level network!);
  - specify the external address assigned to your edge router in the Original source IP/Range field;
  - specify the protocol in the Protocol field;
  - specify the address from the local range, for example, 192.168.0.2 (when using the 192.168.0.0/24 subnet) in the Translated IP/Range field;
  - specify the port in the Translated Port field.
- Click Keep.
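The following Python check is an added example, not part of the original guide or of the console. It validates the values from the procedures above before they are typed in: the gateway, the static IP pool, and the internal addresses used in SNAT and DNAT rules. The function names and the rule that the pool should not contain the gateway address are assumptions of this example.

```python
import ipaddress
import re

# The three private IPv4 blocks listed in the "What is NAT?" section.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_pool(text):
    """Parse 'start <dash> end' (em dash, en dash or hyphen) into two addresses."""
    parts = re.split(r"\s*[\u2014\u2013-]+\s*", text.strip())
    if len(parts) != 2:
        raise ValueError(f"pool must be 'start - end', got {text!r}")
    return ipaddress.IPv4Address(parts[0]), ipaddress.IPv4Address(parts[1])

def check_plan(gateway_cidr, pool, nat_internal_ips=()):
    """Return a list of problems in the planned settings (empty list = OK)."""
    problems = []
    gw = ipaddress.IPv4Interface(gateway_cidr)   # e.g. 192.168.10.1/24
    net = gw.network
    if not any(net.subnet_of(b) for b in PRIVATE_BLOCKS):
        problems.append(f"{net} is not inside a private block")
    if gw.ip in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw.ip} is the network or broadcast address")
    try:
        start, end = parse_pool(pool)
    except ValueError as exc:        # bad format or bad address
        return problems + [str(exc)]
    if start > end:
        problems.append("pool start is after pool end")
    for ip in (start, end):
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"pool address {ip} is not a usable host in {net}")
    # Assumption of this example: the gateway must not be handed out to a VM.
    if start <= gw.ip <= end:
        problems.append(f"pool contains the gateway address {gw.ip}")
    # SNAT "Original source" and DNAT "Translated" addresses belong to this network.
    for ip in map(ipaddress.IPv4Address, nat_internal_ips):
        if ip not in net:
            problems.append(f"NAT internal address {ip} is outside {net}")
    return problems
```

With the guide's own values, the network example (192.168.10.1/24) passes, while the NAT example address 192.168.0.2 is reported as outside that network, because the two examples use different subnets; use an address from your own network's range in the NAT rules.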