Linode private IPs
My understanding is that they are basically a shared LAN within a single data center.
not accessible from the internet
not accessible from other Linode datacenters
are accessible from any customer Linode in the same datacenter (assuming they know or can discover the private IP address)
So if I'm specifying firewall rules (eg for a standalone database server bound to my private IP), it's not sufficiently secure to limit inbound connections to the private IP range (eg 192.168.128.0/17) in my firewall rules - I actually need to be specific in only allowing inbound connections from my own individual servers (ie one rule for each private IP I want to allow) - is that correct?
I guess the real question is - is there an easy way of saying "allow inbound connections from any of my own private IP addresses - but only mine" … or do I basically just have to list each of my private IP addresses in the firewall rules - for example:
ufw default deny incoming
ufw allow from 192.168.aaa.bbb to any port mysql
ufw allow from 192.168.ccc.ddd to any port mysql
… etc
1 Reply
Your understanding of the private IP is correct, same with the latter firewall rules you mentioned. You need list each specific IP address you're allowing connections from on the private network, so:
ufw default deny incoming
ufw allow from 192.168.aaa.bbb to any port mysql
ufw allow from 192.168.ccc.ddd to any port mysql
… etc
Just make sure you have static IP configuration set up and you should be good to go!
Regards,
Soh