Setting up VEG for Internet access

1) Go to Networking -> Edges. Click on VEGThe parameters of the selected VEG.

2) The IP Addresses section contains the external IP address of the VEG and the name of the external network. These parameters are required to configure NAT and Firewall. Memorize them or write them down.

3) Click CONFIGURE SERVICES.

4) In the NAT tab, click + SNAT RULEto create a SNATrule that will allow the VM from the internal network to go to the Internet using the external IP address of the VEG. In the rule settings window, specify:

Applied on - external network connected to VEG (see point 2).

Description - enter a description. This will help you understand in the future what the rule was created for.

Original (Internal) source IP / range - specify the range of addresses of the data center network, which the VMs are connected to. You can also specify the entire network, for example 192.168.0.0/24.

Translated (External) source IP / range - specify the external IP address of the VEG (see item 2).

Enabled - enable the rule.

Click KEEP to add the rule. Click Save changes.

5) Go to the Firewall tab and click +. A row of the new rule will appear in the table.

By default, the Firewall is in Deny mode - traffic blocking. It is recommended to follow this principle for the rules: everything is prohibited except the allowed traffic. Thus, in the rules, you specify which traffic to allow.

To create a rule, specify:

Name - the name of the rule. For example, the Internet.

Source - specify the range of addresses which access is granted for. You can also specify the entire network, for example 192.168.0.1/24. Use internal to specify all internal networks.

Destination - in this case, you need to allow "any external address". Use the external value.

Service - in this case, you need to allow any protocol. Click +, set the value to any value.

Action – Accept.

6) Click Save changes to save your settings.

Connect to the virtual

How can we help you?
Request Demo Access
client:

BEST, money transfer and payments operator

business challenge

The customer faced a technical issue with a persistent BGP session flag with Linxdatacenter hardware. We examined the problem and found out that one of customer’s hosts was under a DDoS attack.

Because of the distributed nature of the attack, traffic couldn’t be filtered effectively, and disconnecting the host from the external network wasn’t an option. The attack stopped after changes in the server configuration, but resumed the day after. A 5.5 Gbps attack overloaded the junctions with internet providers, affecting other Linx Cloud users. To mitigate the effects of the attack, we employed a dedicated DDoS protection service.

Solution

To ensure the continuous availability of resources hosted in Linx Cloud, we rerouted all the customer’s traffic through StormWall Anti-DDoS system. The attack was stopped within half an hour. To prevent future cyberattacks, we organized all connections to the customer’s resources through the StormWall network.

Thank you for your inquiry, we will get back to you shortly!