ECS Internet Access
<p>Cloud services can be accessed only after connecting corresponding services or Elastic Load Balancing (ELB) services to the Internet. Thus, we first need to create an Internet Gateway (IGW).</p>
<p><span style="font-size:18px"><strong>ECS Internet Access (EAST CHINA)</strong></span></p>
<p><strong>Create Internet Gateway</strong></p>
<p>Please perform the following steps to create an Internet gateway.</p>
<p>1. On the Ping An Cloud console, click <strong>All Products → Internet Gateway </strong>to enter the Overview page of the IGW.</p>
<p>2. Click <strong>IGW </strong>to enter the IGW page.</p>
<p>3. Click <strong>Create</strong> in the upper right corner to enter the Create IGW page.</p>
<p>4. Select the corresponding VPC and click <strong>PURCHASE</strong> to enter the Order Confirmation page.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112408-1f6591aa97f1.png" style="height:367px; width:830px" /></p>
<p>5. Check the order information and click <strong>CONFIRM OPEN </strong>to complete the creation.</p>
<p><strong>Note:</strong> To view the IGW created, please click <strong>IGW</strong> to enter the IGW page. For the configuration details of the IGW, please click its name to enter the IGW Information page.</p>
<p> </p>
<p><strong>Add an Internet Network Interface Controller (NIC) to an ECS</strong></p>
<p>Please perform the following steps to add an Internet NIC to an ECS:</p>
<p>1. On the IGW Information page, click <strong>ECS IP ADDRESS</strong> to enter the ECS IP ADDRESS page.</p>
<p>2. Click <strong>Create</strong> to enter the Create ECS IP Address page.</p>
<p>3. Click <strong>ADD INSTANCE</strong> and the Add Instance dialog box pops up.</p>
<p>4. Select the ECS instance to which you want to add a NIC and click <strong>Confirm</strong> to return to the Create ECS IP Address page.</p>
<p><strong>Note:</strong> You can only add Internet NICs to ECSs in DMZ.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112504-1dbbeaf3975e.png" style="height:241px; width:830px" /></p>
<p>5. Select ISP and Bandwidth and click <strong>PURCHASE</strong> to enter the Order Confirmation page.</p>
<p>6. Check the order information and click <strong>CONFIRM OPEN </strong>to complete the creation.</p>
<p><strong>Note:</strong> You can view the IP Address of the corresponding ECS on the ECS IP ADDRESS page.</p>
<p> </p>
<p><strong>Connect to an ECS via the Internet</strong></p>
<p>To connect to an ECS via the Internet, you need to open ingress port TCP 3389 for a Windows ECS and ingress port TCP 22 for a Linux ECS. Both are configured on the security policy management page.</p>
<p>To connect to an ECS via the Internet, please perform the following steps to create a security policy:</p>
<p>1. On the ECS IP ADDRESS page, find the ECS to be configured and click <strong>Manage</strong> under<strong> Security Policy</strong> to enter the security policy management page.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112534-16e876ca97d5.png" style="height:239px; width:830px" /></p>
<p>2. Click <strong>Create</strong> and the Create Security Policy dialog box pops up.</p>
<p>3. Refer to the screenshot below, select the Direction and Protocol Type of the security policy, input the Port Range and Authorized IP, and click <strong>Confirm</strong> to complete the creation.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112600-1afc19439eea.png" style="height:345px; width:830px" /></p>
<p><strong>Note:</strong></p>
<p>• In the above example for a Linux ECS, ingress port 22 is opened and the authorized IP 0.0.0.0/0 stands for the whole Internet. If needed, you can instead specify a network segment as the authorized IP, so that only addresses in that segment can log in.</p>
<p>• If an ECS needs to provide Web services for the Internet, the ports should be 80 and 443.</p>
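<p>The following is an added example, not part of the original documentation or any Ping An Cloud tooling. It audits a list of security policy rules for remote-login ports (TCP 22 and TCP 3389) that are open to every address. The rule field names, the direction values and the "low-high" port range syntax are assumptions; the sample rules are constructed.</p>

```python
import ipaddress

# Remote-login ports the page opens: SSH for Linux ECS, RDP for Windows ECS.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def parse_ports(port_range):
    """Expand a Port Range field such as "80,443" or "8000-8002" into a set.

    Comma separation follows the page; the "low-high" form is an assumption.
    """
    ports = set()
    for item in port_range.split(","):
        item = item.strip()
        if not item:
            continue
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port range: {item!r}")
        ports.update(range(low, high + 1))
    return ports


def audit(rules):
    """Return findings for ingress TCP rules exposing admin ports to all IPs."""
    findings = []
    for rule in rules:
        if rule["direction"] != "ingress" or rule["protocol"].upper() != "TCP":
            continue
        net = ipaddress.ip_network(rule["authorized_ip"], strict=False)
        if net.prefixlen != 0:
            continue  # already limited to a specific network segment
        for port in sorted(parse_ports(rule["port_range"]) & set(ADMIN_PORTS)):
            findings.append(f"{ADMIN_PORTS[port]} (TCP {port}) open to {net}")
    return findings


# Constructed sample rules; the field names are hypothetical.
SAMPLE_RULES = [
    {"direction": "ingress", "protocol": "TCP", "port_range": "22", "authorized_ip": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "TCP", "port_range": "80,443", "authorized_ip": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "TCP", "port_range": "3389", "authorized_ip": "203.0.113.0/24"},
    {"direction": "egress", "protocol": "TCP", "port_range": "80,443", "authorized_ip": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

<p>Only the first sample rule is reported: the Web ports are intended to be public, the RDP rule is limited to one segment, and the last rule is egress.</p>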
<p> </p>
<p><strong>ECS Accesses Internet</strong></p>
<p>If an ECS needs to access the Internet via browsers, security policies that open egress ports 80 and 443 need to be created. Please perform the following steps to create a security policy:</p>
<p>1. On the ECS IP ADDRESS page, find the ECS to be configured and click <strong>Manage</strong> under<strong> Security Policy</strong> to enter the security policy management page.</p>
<p>2. Click <strong>Create</strong> and the Create Security Policy dialog box pops up.</p>
<p>3. Refer to the screenshot below, select the Direction and Protocol Type of the security policy, input the Port Range and Authorized IP, and click <strong>Confirm</strong> to complete the creation.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112634-1e5955c19db4.png" style="height:341px; width:830px" /></p>
<p><strong>Note:</strong></p>
<p>• If more than one port needs to be entered, please separate them with English commas.</p>
<p>• If the ECS needs to use the DNS service of the Internet, you need to open the egress ports TCP 53 and UDP 53 and configure a DNS server for the ECS.</p>
<p><strong>Configure DNS Server</strong></p>
<p>For Windows server</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20192702105025-182a900595d1.png" style="height:593px; width:614px" /></p>
<p>After the configuration, you can see the DNS server in the Network Connection Details window of the NIC.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20192702105045-15bef2a497e1.png" style="height:601px; width:442px" /></p>
<p>For Linux server</p>
<p>Add a DNS server to an ECS. Run the command vi /etc/resolv.conf to edit the DNS configuration of the ECS, and add the line shown in the screenshot below.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20181202144400-1182e845922a.png" /></p>
<p>After the modification, save the file and view the DNS status.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20181202144405-15cadddb964a.png" /></p>
<p>Now, the DNS server has been added.</p>
<p>By default, there is no need to add a DNS server or modify the DNS information manually.</p>
<p> </p>
<p><span style="font-size:18px"><strong>ECS Internet Access (Other Region)</strong></span></p>
<p><strong>Create NAT Gateway</strong></p>
<p>Please perform the following steps to create a NAT gateway:</p>
<p>1. On the Ping An Cloud console, click <strong>All Products → Virtual Private Cloud </strong>to enter the Overview page of the VPC.</p>
<p>2. Click <strong>NAT Gateway</strong> to enter the NAT Gateway page.</p>
<p>3. Click <strong>Create</strong> in the upper right corner to enter the Create NAT Gateway page.</p>
<p>4. Select a VPC and NAT gateway specification and click <strong>PURCHASE</strong> to enter the Order Confirmation page.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112746-1c9e99f09c05.png" style="height:364px; width:830px" /></p>
<p>5. Check the order information and click <strong>CONFIRM OPEN </strong>to complete the creation.</p>
<p><strong>Note:</strong> You can view the NAT gateway created on the NAT Gateway page. For further details of the NAT gateway, please click its name to enter the NAT Detail page.</p>
<p> </p>
<p><strong>Connect to an ECS via the Internet</strong></p>
<p>Destination NAT (DNAT) is used when the Internet accesses the intranet (ELB). It requires security group rules with the “IN” direction.</p>
<p>Please perform the following steps to connect to an ECS via the Internet:</p>
<p>1. On the NAT Detail page, click <strong>BANDWIDTH</strong> to enter the Bandwidth page.</p>
<p>2. Click <strong>Create </strong>to enter the Buy Bandwidth Package page.</p>
<p>3. Select Total Bandwidth and Internet IP Count and click <strong>PURCHASE </strong>to enter the Order Confirmation page.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112810-18021d0a9e58.png" style="height:323px; width:830px" /></p>
<p>4. Check the order information and click <strong>CONFIRM OPEN </strong>to complete the creation.</p>
<p>5. On the NAT Detail page, click <strong>DNAT RULE </strong>to enter the DNAT Rule page.</p>
<p>6. Click <strong>Create </strong>to enter the Create DNAT Rule page.</p>
<p>7. Select Mapping Type and Internet IP, enter Intranet IP (the IP address of the subnet in the DMZ partition under the VPC where the NAT gateway is located) and port number, and click <strong>CREATE</strong> to complete the creation.</p>
<p><strong>Note:</strong> You can view the DNAT rule created on the DNAT Rule page.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112833-1786f26d949e.png" style="height:352px; width:830px" /></p>
<p>8. On the console, click <strong>All Products → Elastic Compute Service </strong>to enter the Overview page of the ECS.</p>
<p>9. Click <strong>Security Group</strong> to enter the Security Group page. Select the <strong>SOUTH CHINA 1</strong> region.</p>
<p>10. Click <strong>Create</strong> and the Create Security Group window pops up.</p>
<p>11. Select a VPC and network and click <strong>Confirm</strong> to complete the creation.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112855-17555a699b88.png" style="height:336px; width:830px" /></p>
<p>12. On the Security Group page, click the name of the corresponding security group to enter the Security Group Information page.</p>
<p>13. Click <strong>Add Instance</strong> and the Add Instance window pops up.</p>
<p>14. Select an instance and click <strong>Confirm</strong> to add it to the security group.</p>
<p>15. Click <strong>Security Group Rules</strong> to enter the security group rules management page.</p>
<p>16. Click <strong>Create</strong> and the Create Security Group Rules window pops up.</p>
<p>17. Select Rules Direction, enter Authorize IP and click <strong>Confirm</strong> to complete the creation.</p>
<p><strong>Note:</strong></p>
<p>• The Rules Direction is<strong> IN</strong>.</p>
<p>• The Authorize IP is the Internet IP scope.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112927-162d5eb597e5.png" style="height:346px; width:830px" /></p>
<p> </p>
<p><strong>ECS Accesses Internet</strong></p>
<p>Source NAT (SNAT) is used when the intranet accesses the Internet. It requires a security group rule with the “OUT” direction.</p>
<p>If an ECS needs to access the Internet, please perform the following steps:</p>
<p>1. Click <strong>All Products → Virtual Private Cloud </strong>on the console to enter the Overview page of the VPC.</p>
<p>2. Click <strong>NAT Gateway</strong> to enter the NAT Gateway page.</p>
<p>3. Click the name of the NAT gateway to enter the NAT Detail page.</p>
<p>4. Click <strong>BANDWIDTH</strong> to enter the Bandwidth page.</p>
<p>5. Click <strong>Create </strong>to enter the Buy Bandwidth Package page.</p>
<p>6. Select Total Bandwidth and Internet IP Count and click <strong>PURCHASE </strong>to enter the Order Confirmation page.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204112947-15b0f0079d9c.png" style="height:330px; width:830px" /></p>
<p>7. Check the order information and click <strong>CONFIRM OPEN </strong>to complete the creation.</p>
<p>8. On the NAT Detail page, click <strong>SNAT RULE</strong> to enter the SNAT Rule page.</p>
<p>9. Click <strong>Create </strong>to enter the Create SNAT Rule page.</p>
<p>10. Select Source CIDR and Internet IP and click <strong>CREATE</strong> to complete the creation.</p>
<p><strong>Note:</strong> You can view the SNAT rule created on the SNAT RULE page.</p>
<p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20191204113012-142db11a993e.png" style="height:327px; width:830px" /></p>
<p>11. On the console, click <strong>All Products → Elastic Compute Service </strong>to enter the Overview page of the ECS.</p>
<p>12. Click <strong>Security Group</strong> to enter the Security Group page. Select the <strong>SOUTH CHINA 1</strong> region.</p>
<p>13. Click the name of the security group created in the previous steps to enter the Security Group Information page. Click <strong>Security Group Rules</strong>.</p>
<p>14. Click <strong>Create</strong> and the Create Security Group Rules window pops up.</p>
<p>15. Select Rules Direction, enter Authorize IP and click <strong>Confirm</strong> to complete the creation.</p>
<p><strong>Note:</strong></p>
<p>• The Rules Direction is <strong>OUT</strong>.</p>
<p>• The Authorize IP is the Internet IP scope.</p>