HomeNetworkpublic gatewayshow to
configure instances public gw
Jump toUpdate content

How to configure Instances attached to a Public Gateway

Reviewed on 24 May 2023Published on 26 May 2021

This page explains how to configure Instances plugged into a Private Network attached to a Public Gateway.

Security & Identity (IAM):

You may need certain IAM permissions to carry out some actions described on this page. This means:

  • you are the Owner of the Scaleway Organization in which the actions will be carried out, or
  • you are an IAM user of the Organization, with a policy granting you the necessary permission sets

How to take advantage of auto-configuration

Default Instance images for Ubuntu, Debian and CentOS support autoconfiguration of interfaces plugged into a Private Network attached to a Public Gateway.

They leverage helper scripts provided by the scaleway-ecosystem package. These scripts:

  • enable DHCP on the interfaces plugged into a Private Network
  • make the default route received by DHCP the primary route for all traffic on the Instance
  • keep the route to the Scaleway Metadata API more specific (see below).

If your Instance does not get autoconfigured, it may be that you are using an old version of the scaleway-ecosystem package. scaleway-ecosystem 0.0.4 or later is required. Use the following command to update it:

  • On Ubuntu (Focal, Bionic and Xenial) or Debian (Stretch and Buster):

    # apt update && apt install scaleway-ecosystem
    # apt list scaleway-ecosystem
    Listing... Done
    scaleway-ecosystem/bionic,now 0.0.5 all [installed]
  • On CentOS 8 or Fedora 32, get the link to the latest release’s rpm on this page and install it as follows:

    # rpm -vUh https://github.com/scaleway/scaleway-packages/releases/download/v0.0.4/scaleway-ecosystem-0.0.5.noarch.rpm

Security Groups rules are applied to public Internet connections only. The security group rules do not apply to Private Network connections. See our Limitations and Troubleshooting documentation for further help.

How to carry out manual configuration

If you cannot or do not want to rely on the automatic configuration mechanism, you can configure your Instance manually.


If your Instance supports autoconfiguration and you want to configure manually, make sure to disable autoconfiguration as follows:

# mv /lib/udev/rules.d/72-scw-vpc-iface.rules /lib/udev/rules.d/.72-scw-vpc-iface.rules
# reboot

By default, Instances are configured with a default route on their public interface that allows them to reach the Scaleway Metadata API. When an Instance is autoconfigured using DHCP and learns its default route through the gateway, it ends up with two default routes: one towards the gateway on the Private Network and the other towards the Scaleway Metadata API on the public interface. It is necessary to adjust the metric of the default route through the gateway to make it the preferred one and to configure the route to the Scaleway Metadata API manually.

  1. Update the route to the Scaleway Metadata API.

    The endpoint for the Scaleway Metadata API is and the gateway depends on your Instance. You can retrieve it with the following command:

    # ip route show
    default via dev eth0 proto dhcp metric 100 dev eth0 proto kernel scope link src metric 100

    The address of the gateway to the Scaleway Metadata API is Now, add a specific route to the API as follows:

    # ip route add via
  2. Configure DHCP on the Instance, adjusting the metric of the default route.

    Example using netplan:

    version: 2
    dhcp4: true
    route-metric: 50

    and using ifupdown:

    auto ens4
    iface ens4 inet dhcp
    metric 50

How to troubleshoot any problems

See our Public Gateways troubleshooting documentation

See Also