Linode Forum
Linode Community Forums
Posted: Mon Mar 05, 2012 1:46 pm
Newbie

Joined: Mon Mar 05, 2012 1:25 pm
Posts: 3
I've been trying to find some info on how linode deals with internal IPs.

I'm used to dealing with EC2, where instances do not have public IPs unless given them explicitly, and I find that works very nicely (particularly with their NAT-style instance DNS naming meaning you can still connect directly to nodes without a public IP). Is it reasonable to use this approach with linode too? For example I have no need for database servers (or web servers behind proxies) to be directly visible to the outside world, so rather than futzing with firewalls, just not having a public IP is much simpler. I can have a public node act as an SSH gateway to allow me to connect to private IPs for admin purposes.

Is traffic between linode instances belonging to a single account contained by some kind of vlan so the traffic is not visible to any other instances, or do I need to implement a local vpn or similar security layer between instances?

Is there some kind of meta-firewall, like EC2's security groups?

I've been rummaging in here, the library and wiki but not found anything on these.


Posted: Mon Mar 05, 2012 2:06 pm
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
All private network traffic is treated like all linodes in a datacenter are just on a big LAN; nobody else can hear your directed traffic, but you'll pick up broadcasts. If you need secure traffic between linodes beyond what standard switches can provide, you can use encrypted tunnels. Normally, since nobody can enter promiscuous mode, simply using firewall rules to prevent LAN access to anything but your own linodes is sufficient, with the VPN solution being available if you need full security.

To avoid having a public IP, you can simply unbind it from the virtual network card (as in change the config file to not assign the IP to an interface).
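
An added example, not part of the thread and not Linode's own tooling: one way to write the "firewall rules to prevent LAN access to anything but your own linodes" described in the reply above, as a script that prints an `iptables-restore` fragment. The `PRIVLAN` chain name, the `192.168.128.0/17` private range and the peer addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore fragment that
# lets only your own Linodes talk to this host over the shared private LAN.
# Assumption: PRIVATE_NET is the datacenter's private range; adjust as needed.
PRIVATE_NET="${PRIVATE_NET:-192.168.128.0/17}"

# is_ipv4 ADDR: succeed only for a plain dotted-quad, so nothing else can
# end up inside a generated rule.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_private_lan_rules PEER...: write the ruleset to stdout.
gen_private_lan_rules() {
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    done
    echo '*filter'
    echo ':PRIVLAN - [0:0]'
    # Traffic sourced from the shared LAN is checked first, before other rules.
    echo "-I INPUT 1 -s $PRIVATE_NET -j PRIVLAN"
    # Replies to connections this host opened itself.
    echo '-A PRIVLAN -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN'
    # Your own Linodes go back to INPUT, where per-service rules still apply.
    for peer in "$@"; do
        echo "-A PRIVLAN -s $peer/32 -j RETURN"
    done
    # Everyone else on the LAN, broadcasts included, is dropped.
    echo '-A PRIVLAN -j DROP'
    echo 'COMMIT'
}

# Constructed sample peers, used when no addresses are given on the command line.
[ "$#" -gt 0 ] || set -- 192.168.130.10 192.168.131.20
gen_private_lan_rules "$@"
```

After reviewing the output, load it as root with `iptables-restore --noflush` so existing rules are kept. Loading it a second time without removing the earlier `INPUT` jump adds a duplicate of that jump.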


Posted: Mon Mar 05, 2012 5:06 pm
Newbie

Joined: Mon Mar 05, 2012 1:25 pm
Posts: 3
Thanks for the info.

