Working only with private IPs
I'm used to dealing with EC2, where instances do not have public IPs unless given them explicitly, and I find that works very nicely (particularly with their NAT-style instance DNS naming meaning you can still connect directly to nodes without a public IP). Is it reasonable to use this approach with Linode too? For example I have no need for database servers (or web servers behind proxies) to be directly visible to the outside world, so rather than futzing with firewalls, just not having a public IP is much simpler. I can have a public node act as an SSH gateway to allow me to connect to private IPs for admin purposes.
Is traffic between Linode instances belonging to a single account contained by some kind of VLAN so the traffic is not visible to any other instances, or do I need to implement a local VPN or similar security layer between instances?
Is there some kind of meta-firewall, like EC2's security groups?
I've been rummaging in here, the library and wiki but have not found anything on these.
2 Replies
To avoid having a public IP, you can simply unbind it from the virtual network card (as in change the config file to not assign the IP to an interface).
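A check that could be run after unbinding the public address as the reply describes, added here as an example and not part of the original thread: it parses `ip -o addr show` output and lists every bound address that falls outside private, loopback and link-local ranges. The sample output, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Ranges treated as internal-only: RFC 1918, loopback, link-local, IPv6 ULA.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample of `ip -o addr show` output (documentation addresses
# stand in for a public IPv4 and IPv6 address still bound to eth0).
SAMPLE = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\       valid_lft forever
2: eth0    inet 192.168.130.5/17 brd 192.168.255.255 scope global eth0:1\       valid_lft forever
2: eth0    inet6 2001:db8::10/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::f03c:91ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever
"""

def bound_addresses(ip_output):
    """Yield (interface, address) pairs from `ip -o addr show` output."""
    for line in ip_output.splitlines():
        fields = line.split()
        # Expected layout: "<idx>: <ifname> inet|inet6 <addr>/<prefix> ..."
        if len(fields) < 4 or fields[2] not in ("inet", "inet6"):
            continue
        try:
            addr = ipaddress.ip_interface(fields[3]).ip
        except ValueError:
            continue  # skip anything that is not a parseable address
        yield fields[1], addr

def public_bindings(ip_output):
    """Return (interface, address) for every address outside INTERNAL."""
    return [(ifname, str(addr))
            for ifname, addr in bound_addresses(ip_output)
            if not any(addr.version == net.version and addr in net
                       for net in INTERNAL)]

if __name__ == "__main__":
    for ifname, addr in public_bindings(SAMPLE):
        print(f"{ifname}: {addr} is bound and not in a private range")
```

An empty result means no interface on the node is holding a publicly routable address.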