Adding Linode private IP address is a good move in securing server traffic.
But, is that all enough?
No. Unfortunately, a Linode private IP address gives access to all users on the same data center. It needs additional methods to secure server.
That’s why, we often get requests from Linode customers to secure their private network as part of our Managed Cloud Services.
Today, we’ll see how our Cloud Engineers securely add private IP address in Linode server and fix common errors with it.
Why to use Linode private IP?
Firstly, let’s see the various reasons to use private IP address in Linode. When you have multiple Linode servers, private IP helps in fast and reliable communication away from public internet.
Similarly, many Linode owners use private IP addresses for their database servers. There is no need for database servers to be directly visible to the outside world. Only web server will need to access the database. That’s how, Linode private IP address comes handy here.
Again, private network traffic does not count against your monthly transfer quota at Linode.
How to add Linode Private IP?
Now we know the various scenarios of Linode private IP usage. Let’s see the steps to add it.
To add a private IP to your Linode server, we need to first access the Linode Manager. Then, click on the particular Linode >> Remote Access tab. We can add the IP by clicking on “Add a private IP” option as shown below.
And, the IP address will be available on the Linode now. This can be confirmed from the shell access too.
[root@lixx1-xx1 ~]# ip a | grep 192
inet 192.168.198.152/17 brd 192.168.255.255 scope global noprefixroute eth0
How we secure Linode private network?
In Linode, all private network traffic is treated as if they are on a big Local Area Network aka LAN. That means, the private IP will be accessible for all users in that network. Likewise, if you do not have proper firewall set up, there can be attacks to your server.
For example, when you have database server listening on private IP address, there is need to restrict connections to selected IP address. For this, our Dedicated Engineers use firewall to allow only selected IP address.
With UFW firewall, we implement this by adding the following rules that block all connections in general and allow only 192.168.17.121
ufw default deny incoming
ufw allow from 192.168.12.121 to any port mysql
Common errors with Linode private IP address
Although adding private IP is pretty easy in Linode, often it do not work as expected. Let’s now see couple of private IP errors and how we fix them.
1. Host Unreachable error
Recently a customer reported problems with his Linode server connectivity. When he was trying to connect from one server to other using private IP, it said:
"Destination Host Unreachable."
Here, our Security Engineers first analyzed both the server configuration. Then, we could see that the network parameters were not properly set. Linode private IP addresses use a netmask of 255.255.128.0. We corrected this and the connection started working.
2. Private IP not shown
Similarly, we often see that private IP address do not list properly when checking from the SSH prompt of the Linode.
To fix this, we need to edit the network interface configuration and add the private IP details.
For example, in Linode Ubuntu servers, our Support Engineers had to add the private IP in the file /etc/systemd/network/05-eth0.network. After this, the IP showed up correctly.
[Need help with private IP address on Linode server? Our Support Engineers can help you.]
Conclusion
In short, the steps to add private IP in Linode server is rather simple. Today, we saw how our Support Engineers secure the private network in Linode and fix common errors with Linode private IP address,
0 Comments