Configure a Public Gateway

How to configure a Public Gateway

Published on 26 May 2021

This page shows how to attach a Public Gateway to a Private Network, how to configure DHCP and NAT and how to enable SMTP.

Security & Identity (IAM):

You may need certain IAM permissions to carry out some actions described on this page. This means:

you are the Owner of the Scaleway Organization in which the actions will be carried out, or
you are an IAM user of the Organization, with a policy granting you the necessary permission sets

Requirements:

You have an account and are logged into the Scaleway console
You have created a Public Gateway

How to attach a Public Gateway to a Private Network

Click Public Gateways in the Network section of the side menu.
Click the Public Gateway that you want to attach to a Private Network. You are taken to the Overview page for that Public Gateway.
Click the Private Networks tab. A list of Private Networks attached to the Public Gateway displays. If no Private Networks are attached, the list will be empty.
Click «Plus Icon» to attach a new Private Network to the Public Gateway. The following pop-up displays:
Choose to attach an existing or a new Private Network.
- If you want to attach an existing Private Network, select Select and attach an existing Private Network and choose the desired network from the drop-down list.
  Note:
  Note: Only Private Networks which are in the same Availability Zone as the Public Gateway are displayed in this list.
- If you want to create and attach a new Private Network, select Create and attach a new Private Network. A default name will be suggested for you, but feel free to overwrite this with a new name of your choice.
- Choose whether to Enable or Disable the DHCP server:
  - Enable DHCP: The Public Gateway will dynamically assign IP addresses to Instances in the Private Network. Enabling DHCP also enables the advertisement of a default route and DNS server through the Public Gateway. Both of these options can be disabled later.
  - Disable DHCP: None of the above functionalities will be applied.
- Choose the subnet you would like to use for this network, e.g. 192.168.42.0/24. You may find the note here helpful if you are having difficulty choosing a subnet. Alternatively, click Auto to auto-generate a subnet, if you have enabled DHCP.
- Choose whether to Enable or Disable Dynamic NAT:
  - Enable Dynamic NAT: Private IP addresses in the Private Network are automatically mapped to the public IP address of the Public Gateway, enabling automatic routing of egress traffic to and from multiple devices within the Private Network. Note: you will also be able to configure static NAT settings for ingress traffic.
  - Disable Dynamic NAT: The above functionality is not applied.
Click Attach Private Network to finish. You are taken back to the Private Networks tab, where the network you attached now appears, along with the services configured and the IP address of the Public Gateway.

Your Private Network is now attached to your Public Gateway. You can repeat the steps above to attach more Private Networks to the same Public Gateway if you wish.

How to review and configure DHCP

You can review and (if you wish) modify the DHCP configuration of an existing Public Gateway as follows:

Click Public Gateways in the Network section of the side menu.
Click the Public Gateway whose configuration you wish to modify. You are taken to the Overview page for that Public Gateway.
Click the DHCP tab. The following page displays:
DHCP is configured per Private Network. Select a Private Network from the drop-down menu to review its configuration.
- Toggle «Toogle Icon» to View DHCP Status to view the current MAC/IP associations (aka DHCP leases).
- Toggle «Toogle Icon» to Configure DHCP and click «Edit Icon» Edit to modify the network’s DHCP configuration.
Modify the following configuration parameters according to your needs:
- Enable or disable the DHCP server
- Change the advertised subnet by specifying a subnet address with a mask. Click Auto to automatically compute a /24 subnet. The minimum subnet size is /28. The Public Gateway is assigned the first address of the subnet.
- Enable or disable the advertisement of a default route through the Public Gateway
- Enable or disable the advertisement of a DNS server. By default, the Public Gateway’s IP address is specified, which allows Instance names to be resolved to their allocated IP addresses. You can also specify the address of a DNS server of your choice. Clicking Auto will reset this to the Public Gateway’s IP address.
- Modify the dynamic range used to dynamically assign IP addresses to devices on the network. This range should fall within the configured subnet and should not overlap with the static associations.
- Create or delete static associations to assign IP addresses based on the MAC addresses of the Instance. Statically assigned IP addresses should fall within the configured subnet, but be outside the dynamic range.
Click «Validate Icon» to save your configuration changes, or the red cross to cancel.

Note:
Newer Instances support DHCP auto-configuration, learning their IP address and the default route through the gateway automatically. However, older Instances may require manual configuration. You should refer to the documentation on configuring Instances attached to a Public Gateway for further clarification on these points, and instructions for manual configuration.

Note:

For services like DBaaS which requires a service IP, you can reserve one IP address in the DHCP pool by assigning it to a non existing MAC address. You can use the 00:00:00:00:00:00 MAC address for this purpose.

How to review and configure NAT

You can review and (if you wish) modify the NAT configuration of an existing Public Gateway as follows:

Click Public Gateways in the Network section of the side menu.
Click the Public Gateway whose configuration you wish to modify. You are taken to the Overview page for that Public Gateway.
Click the NAT tab. The following page displays, allowing you to review your NAT configuration:
In the Dynamic NAT panel, toggle «Toogle Icon» Dynamic NAT on or off for each Private Network attached to this Public Gateway, as you wish.
In the Static NAT panel, click Add Static NAT to add a new configuration for any Private Network attached to this Gateway. The following screen displays:
Add the following information for your new static NAT configuration:
- Protocol: Choose TCP, UDP or Both from the drop-down menu
- Public Port: Choose the Public Gateway port you want to use for this mapping
- Private IP address: Enter the Private IP address of the Instance you want to map to. This should be included within one of the configured subnets of an attached Private Network. Usually, a static DHCP association is used too, to make sure this address does not change.
- Private Port: Choose which of the Instance’s ports you want to map to.
Click «Validate Icon» to save your configuration changes, or «Cancel Icon» to cancel.

Your new static NAT configuration is now saved, and displays on the NAT panel. You can repeat steps 6-8 to add new static NAT configurations as you wish.

How to enable SMTP

By default, the SMTP ports (25, 465, 587 and 2525) on your Public Gateway are blocked to avoid spam. If you wish to send emails from resources located behind your Public Gateway, make sure those resources have also enabled SMTP and then enable SMTP on your Public Gateway as follows:

Click Public Gateways in the Network section of the side menu.
Click the Public Gateway whose configuration you wish to modify. You are taken to the Overview page for that Public Gateway.
Scroll down to the SMTP panel, and use the toggle «Toogle Icon» to enable SMTP.

Important:

See our troubleshooting documentation if you have any problems configuring your Public Gateway.