This article will show you how to configure your Business Cloud.
iiNet Business Cloud allows you to configure network services such as DHCP, firewalls, network address translation (NAT), VPN and static routing for your organisation's network.
Some basic network configuration on your part will be required before your virtual machine(s) will be accessible externally. We have provided instructions for a simple network setup below.
To configure your network in your Business Cloud you will first need to first follow these steps to access the Edge Gateway Services. All other menu options will need you first get to this area before progressing.
Please note that your Business Cloud network configuration is your responsibility and isn't supported by our hosting support team.
Select one of the links below to jump to a query:
Business Cloud makes extensive use of Network Address Translation (NAT) to connect the Virtual Machines to the internet. This means that even though you may only have one external IP address, you may be able to have several servers sitting behind the one IP address doing different tasks. In our Business Cloud environment, rules can be setup for outbound and inbound traffic.
Once you have entered the Edge Gateway Services screen:
SNAT (Source NAT) is used for traffic leaving the VMs to the Internet and DNAT (Destination NAT) is for traffic heading towards the virtual machines from the Internet.
To set up an Outbound NAT rule to allow your machines to contact the Internet:
Adding inbound NAT rules is similar to adding outbound NAT rules, except it has the added bonus of being able to specify ports.
If you are familiar with port forwarding, this is essentially what inbound NAT rules can do.
Below we will run through two examples of NAT rules for inbound traffic.
IMPORTANT: This is the riskiest setup you can use for NAT as it allows all traffic going to your external IP to reach your VM. This setup is NOT recommended unless you are comfortable with this and you;re confident in the firewall rules that have been installed and configured on your VM.
It is recommended to only use this as a temporary measure to access your VM or services on the VM while adding other NAT rules.
This is the recommended method for setting up inbound NAT rules. It will allow you to point and limit traffic as you please, Even if you have one external IP address you can host several servers doing different things. For example, have one server hosting website, one server hosting emails and one server acting as a name server. This works by pointing traffic heading to a specific port to a specific server.
In the above example we are allowing Remote Desktop access to the server with an Internal IP of 192.168.0.5. Remote desktop utilizes the TCP protocol on port 3389.
Below we are again working with Remote Desktop and already have one rule setup for 3389. We did not want to change the port it uses on the server so we are using the NAT rules to do it for us. We are pointing port 3390 on the same IP to point to port 3389 on a different virtual machine.
The Firewall tab is located next to the NAT tab.
The firewall is run on a simulated router between your VMs and the Internet and will need to be setup along side the NAT rules above if you wish to leave it enabled.
Like NAT the firewall also has inbound and outbound rules. When creating rules, you will need to remember that for inbound, the target will need to be your external IP where as outbound the source will need to be an internal IP.
In the image below, we will be allowing all inbound traffic to our 202.59.xxx.xxx IP on port 80 to be allowed.
In the above screenshot, we have set the Source to External as we want all external traffic to be allowed through. This can be set to limit to a single IP or an IP Range.
In most inbound firewall rules, the Source Port will nearly always be set to any.
The Destination is our external IP address and the Destination Port is 80 (HTTP/Web).
This section was written for the older vCloud Director.
The site-to-site VPN feature allows you to connect your vCloud network to another network. This is not a client-to-server tunnel (which could be accomplished via other means, such as OpenVPN), but the joining of the networks into one, to allow the secure transfer of information and sharing of resources.
Tick the box Enable site-to-site VPN and click on Add.
- A network in another organization - i.e. a different Business Cloud account. You will need the login details for the second account.
- A remote network in this organizations - another network setup you already have in the existing Business Cloud account.
- A remote network - an external, non-vCloud network that has similar VPN capabilities. In this example, a remote network was chosen.
If you require assistance using vCloud Director, you can click Help at the top right of the vCloud Director page to access the User Help section, or contact iiNet Hosting on 1300 378 638 or firstname.lastname@example.org.