Enable Internet access in a Private Network (GCP)
This article is a continuation of the previous article on Accessing Secure Servers from Internet, so make sure you give it a read before you proceed further.
Scenario - Bob tries to configure the VM to his requirements and has to install and update packages, but he finds that there's no internet access on his server. He remembers that he configured a private VPC with private access enabled. Bob wants the server to stay secure, but it should also be able to download whatever it needs from the internet!
We can accomplish this with the help of GCP's Cloud NAT. The diagram below gives an overview of what the Cloud NAT architecture looks like.
Think of Cloud NAT as a gatekeeper with specific instructions about who gets to access the outside world (in our case, a person is a metaphor for a virtual machine and the outside world is the internet).
Run the commands given below and your server will have the power!
Run the following commands in your terminal or on GCP Cloud Shell.
gcloud compute routers create <nat-router-us-central1> \
--network <my-vpc> \
--region <us-central1>
This command creates a router as per the values specified in the --network and --region options.
gcloud compute routers nats create nat-config \
--router-region <us-central1> \
--router <nat-router-us-central1> \
--nat-all-subnet-ip-ranges \
--auto-allocate-nat-external-ips
The second command creates a NAT and attaches it to the router created by the previous command. The extra parameters apply the NAT to all subnet IP ranges (--nat-all-subnet-ip-ranges) and auto-allocate external IPs to the NAT (--auto-allocate-nat-external-ips).
Replace each <value>, including the angle brackets, with the relevant name for your setup.
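The two commands above wrapped in a small script, as an added example that is not part of the original article: it refuses names that still contain placeholder characters such as < and >, then checks that the VM has no external IP, which is the condition under which its traffic leaves through Cloud NAT. The VM name and zone arguments and the file name nat.sh are assumptions.

```shell
#!/bin/sh
# Added example: the article's two commands with quoted variables and a
# post-check. Defaults mirror the article's placeholder values.
NETWORK="${NETWORK:-my-vpc}"
REGION="${REGION:-us-central1}"
ROUTER="${ROUTER:-nat-router-us-central1}"
NAT="${NAT:-nat-config}"

# GCP resource names: 1-63 chars, lowercase letter first, then lowercase
# letters, digits or hyphens, not ending in a hyphen.
# A literal "<my-vpc>" fails here instead of being parsed by the shell.
valid_name() {
  [ "${#1}" -le 63 ] || return 1
  case "$1" in
    ''|[!a-z]*|*[!a-z0-9-]*|*-) return 1 ;;
  esac
  return 0
}

# Run the two commands from the article, refusing unreplaced placeholders.
setup_nat() {
  for n in "$NETWORK" "$REGION" "$ROUTER" "$NAT"; do
    valid_name "$n" || { echo "invalid name: $n" >&2; return 2; }
  done
  gcloud compute routers create "$ROUTER" \
    --network "$NETWORK" --region "$REGION" || return 1
  gcloud compute routers nats create "$NAT" \
    --router-region "$REGION" --router "$ROUTER" \
    --nat-all-subnet-ip-ranges --auto-allocate-nat-external-ips
}

# Succeeds only if the VM's first interface has no external IP, i.e. the
# server is still not directly addressable from the internet.
# $1 = VM name, $2 = zone (both assumed, not from the article).
vm_is_private() {
  ip=$(gcloud compute instances describe "$1" --zone "$2" \
    --format='get(networkInterfaces[0].accessConfigs[0].natIP)') || return 2
  [ -z "$ip" ]
}

# Usage: sh nat.sh VM_NAME ZONE   (does nothing when called without arguments)
if [ "$#" -eq 2 ]; then
  setup_nat && vm_is_private "$1" "$2" &&
    echo "NAT ready; $1 has no external IP"
fi
```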
Bob is now happy! He was able to configure internet access for his secure server, which is on a private network.
Summary
We looked at how GCP Cloud NAT works and how to configure it to enable Internet access for servers in a private network (VPC).