Port forwarding

Port forwarding through NAT is required to provide access to the virtual machine from the outside. For example, you can create appropriate rules for connecting to a virtual machine via RDP or SSH, open access to a website or application.

To configure port forwarding:

1) Go to Networking -> Edges. Click on VEG. Click CONFIGURE SERVICES.

2) In the NAT tab, click + DNAT RULEto create a DNATrule that will allow you to connect to the VM on the internal network using the external IP address of the VEG. In the rule settings window, specify:

Applied On - external network connected to VEG (See "Configuring VEG for Internet access" p. 2)

Description - enter a description. This will help you understand in the future what the rule was created for.

Original (External) IP/range - specify the external IP address of the VEG (See "Configuring VEG for Internet access" p. 2)

Translated (Internal) IP / range - specify the IP address of the virtual machine to which you want to connect.

Protocol - specify the used protocol: TCP or UDP.

Original port - specify the port that will be accessible from outside. For security reasons, it is recommended to use ports other than the default ports. For example, TCP port 3389 is used for the RDP protocol. In the Original port field, you can specify 53389.

Translated port - specify the port to which you want to connect on the virtual machine. For RDP, TCP port 3389 is used.

Enabled - enable the rule.

Click KEEP to add the rule. Click Save changes to save your settings.

3) Go to the Firewall and click +A row of the new rule will appear in the table. To create a rule, specify:

Name - the name of the rule.

Source - specify the address which you plan to connect from.

To allow connections from any address, use the value any value.

Destination - external IP address of the VEG (See "Configuring VEG for Internet access" p. 2).

Service - click +, specify the used protocol: TCP or UDP.

Source port - use any value.

Destination port - the same value as in the "Original port" field of item 2.

Action – Accept.

Click KEEP to add the rule. Click Save changes to save your settings.

How can we help you?
Request Demo Access

BEST, money transfer and payments operator

business challenge

The customer faced a technical issue with a persistent BGP session flag with Linxdatacenter hardware. We examined the problem and found out that one of customer’s hosts was under a DDoS attack.

Because of the distributed nature of the attack, traffic couldn’t be filtered effectively, and disconnecting the host from the external network wasn’t an option. The attack stopped after changes in the server configuration, but resumed the day after. A 5.5 Gbps attack overloaded the junctions with internet providers, affecting other Linx Cloud users. To mitigate the effects of the attack, we employed a dedicated DDoS protection service.


To ensure the continuous availability of resources hosted in Linx Cloud, we rerouted all the customer’s traffic through StormWall Anti-DDoS system. The attack was stopped within half an hour. To prevent future cyberattacks, we organized all connections to the customer’s resources through the StormWall network.

Thank you for your inquiry, we will get back to you shortly!