To ensure network security, the security group does not allow any inbound traffic from the public network by default. This may result in your instance being inaccessible from the public internet, so you need to manually configure it to allow such connections.
Login to Nearoute and select "Security Group Management" on the left sidebar to view the list of security groups. Alternatively, you can directly access the security group management page. Refer to the following image:
After clicking "Create Security Group," you can choose a template to allow commonly used ports, which is more convenient.
The preset template information is shown in the table below:
Template | Description | Scenario |
---|---|---|
Open all ports | Default open all ports to both public and private networks, with certain risks. | |
Open ports 22, 80, 443, 3389 and ICMP protocol | Default open ports 22, 80, 443, 3389 and ICMP protocol, fully open within the private network. | Instances in the security group need to deploy web services. |
Custom | After successful creation of the security group, add security group rules as needed. |
If you need to customize ports, select "Customize," fill in the name and description, and click "Create Security Group." Once created, the security group will appear below as shown in the image.
If you choose to open all ports, the content created will be as shown in the following image.
If you choose to allow ports 22, 80, 443, 3389, and the ICMP protocol, the content created will be as shown in the following image.
Click "Edit" to customize the security group.
You can easily allow port 22 to facilitate connecting to the server, or add custom rules. Choose the protocol (TCP/UDP/ICMP) and the rule; you can select to allow all (e.g., all TCP protocols) or specific ports (e.g., customized TCP protocols). "Direction": Select the direction to allow traffic (inbound/outbound). "CIDR": Specify the relevant CIDR to allow, such as 192.168.1.0/24. You can enter 0.0.0.0/0 to allow all IPv4 addresses. If you need to allow IPv6 traffic, enter the IPv6 CIDR format, such as ::/0 to allow all IPv6 addresses.
Please refer to the instructions in the image.
You have now completed the basic steps of creating security group rules. Security groups are designed to ensure the security of cloud server network data and are an indispensable part of cloud computing.
© 2022 Nearoute. Develop by Nearoute.