NAT VNet Design Steps


Steps Overview:

1. Create a resource group.
2. Create a virtual network with three subnets (Web, App, Db).
3. Create a NAT gateway with a static outbound public IP and attach it to the private subnets.
4. Create network security groups (NSGs) to control inbound traffic to the subnets.
5. Associate the NSGs with their subnets.
6. Create a route table.
7. Create two VMs, one with a public IP and one without.
8. Test outbound internet connectivity.

1. Create a Resource Group

```bash
az group create --name MyResourceGroup --location uksouth
```

Sample output:

```console
niraj [ ~ ]$ az group create --name MyResourceGroup --location uksouth
{
  "id": "/subscriptions/e08170e1-1e39-4f35-97e3-48023c73f562/resourceGroups/MyResourceGroup",
  "location": "uksouth",
  "managedBy": null,
  "name": "MyResourceGroup",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": "Microsoft.Resources/resourceGroups"
}
```

2. Create a Virtual Network with Three Subnets

```bash
# Create Virtual Network and Web Subnet
az network vnet create \
  --name MyVnet \
  --resource-group MyResourceGroup \
  --address-prefix 10.0.0.0/16 \
  --subnet-name WebSubnet \
  --subnet-prefix 10.0.1.0/24

# Add Application Subnet
az network vnet subnet create \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name AppSubnet \
  --address-prefix 10.0.2.0/24

# Add Database Subnet
az network vnet subnet create \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name DbSubnet \
  --address-prefix 10.0.3.0/24
```

Sample output of the vnet create command (showing the first subnet):

```json
{
  "newVNet": {
    "addressSpace": {
      "addressPrefixes": [
        "10.0.0.0/16"
      ]
    },
    "enableDdosProtection": false,
    "etag": "W/\"839921ab-2718-4722-a67e-7dc1359825cb\"",
    "id": "/subscriptions/e08170e1-1e39-4f35-97e3-48023c73f562/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet",
    "location": "uksouth",
    "name": "MyVnet",
    "provisioningState": "Succeeded",
    "resourceGroup": "MyResourceGroup",
    "resourceGuid": "cb85fe32-4c98-4fd5-9a16-c875757275e4",
    "subnets": [
      {
        "addressPrefix": "10.0.1.0/24",
        "delegations": [],
        "etag": "W/\"839921ab-2718-4722-a67e-7dc1359825cb\"",
        "id": "/subscriptions/e08170e1-1e39-4f35-97e3-48023c73f562/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/WebSubnet",
        "name": "WebSubnet",
        "privateEndpointNetworkPolicies": "Disabled",
        "privateLinkServiceNetworkPolicies": "Enabled",
        "provisioningState": "Succeeded",
        "resourceGroup": "MyResourceGroup",
        "type": "Microsoft.Network/virtualNetworks/subnets"
      }
    ],
    "type": "Microsoft.Network/virtualNetworks",
    "virtualNetworkPeerings": []
  }
}
```

3. Create a NAT Gateway for the Private Subnets

Step 1: Create a Public IP for the NAT Gateway (NAT Gateway requires a Standard SKU, statically allocated address)

```bash
az network public-ip create \
  --resource-group MyResourceGroup \
  --name NatGatewayPublicIP \
  --sku Standard \
  --allocation-method Static
```

Step 2: Create the NAT Gateway

```bash
az network nat gateway create \
  --resource-group MyResourceGroup \
  --name MyNatGateway \
  --public-ip-addresses NatGatewayPublicIP
```

Step 3: Associate the NAT Gateway with a Subnet (WebSubnet here; run the same command with AppSubnet or DbSubnet for every subnet that needs outbound access)

```bash
# Associate NAT Gateway with WebSubnet
az network vnet subnet update \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name WebSubnet \
  --nat-gateway MyNatGateway
```

Once attached, the NAT gateway handles all outbound internet traffic from that subnet and takes precedence over the other outbound methods, including a VM's own instance-level public IP, so every host in the subnet leaves through NatGatewayPublicIP. The gateway is outbound only; it accepts no inbound connections.

4. Create Network Security Groups (NSGs) to Control Traffic

Step 1: Create the NSG (these notes create one NSG, for the web subnet)

```bash
# Create NSG for Web Subnet
az network nsg create \
  --resource-group MyResourceGroup \
  --name WebNSG
```

Step 2: Define NSG Rules for the Web Subnet

Web Subnet (allow HTTP/HTTPS from anywhere, SSH from one management host)

```bash
# Allow HTTP/HTTPS inbound to Web servers (no source restriction, so this is a public-facing rule)
az network nsg rule create \
  --resource-group MyResourceGroup \
  --nsg-name WebNSG \
  --name AllowHTTP \
  --priority 100 \
  --protocol Tcp \
  --direction Inbound \
  --destination-port-ranges 80 443 \
  --access Allow

# Allow SSH only from a management IP (assume 10.0.1.4)
az network nsg rule create \
  --resource-group MyResourceGroup \
  --nsg-name WebNSG \
  --name AllowSSH \
  --priority 200 \
  --protocol Tcp \
  --direction Inbound \
  --source-address-prefixes 10.0.1.4 \
  --destination-port-ranges 22 \
  --access Allow
```

Rules are evaluated in priority order (lowest number first) and the first match wins. SSH from the internet is dropped by the built-in DenyAllInBound rule at priority 65500. Note, however, that the built-in AllowVnetInBound rule at priority 65000 admits any traffic whose source is inside the virtual network, so the AllowSSH rule above does not by itself stop another VM in 10.0.0.0/16 from reaching port 22; to limit SSH to 10.0.1.4 alone, add an explicit Deny rule for port 22 at a priority between 200 and 65000. An NSG also has no effect until it is associated with the subnet (overview step 5).

5. Create a Route Table

In the portal, create a route table in MyResourceGroup, open Routes, choose + Add and define one route:

    Name: OutboundInternet, Address prefix: 0.0.0.0/0, Next hop type: Internet

Then associate the route table with the subnet. 0.0.0.0/0 with next hop Internet is already Azure's default system route, so this entry makes the intended egress path explicit rather than changing it; the case that would change it is a 0.0.0.0/0 route with next hop Virtual appliance.

6. Create Two Virtual Machines

- Create a VM in WebSubnet with a public IP.
- Create another VM with no public IP, in a subnet that has the NAT gateway attached.

7. Test outbound internet connectivity with curl

From each VM, make an outbound request with curl (for example to an HTTPS site, or to a service that echoes the caller's public address). From the VM without a public IP the echoed address is the NAT gateway's static IP (NatGatewayPublicIP). That is the point of the design: private hosts share one predictable egress address that an upstream firewall can allow-list, and nothing can reach them inbound through it.

Do not use ping for this test. ping uses ICMP, and Azure NAT Gateway only translates TCP and UDP; ICMP is not supported in either direction, so ping fails even when TCP connectivity through the gateway works.
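The whole build as one script, added here as an example and not part of the original notes. It covers the two steps the notes list but never show commands for (attaching the NAT gateway to each subnet that needs egress, and binding the NSG to its subnet) and adds a Deny rule so that SSH really is limited to the management host, rather than being let through by the default AllowVnetInBound rule. Resource names are the notes' own; MGMT_IP, the decision to give DbSubnet no egress, and the dry-run convention (DRY_RUN=1 prints each az command instead of running it) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: end-to-end build of the NAT VNet from the notes above.
# Run as "sh nat-vnet.sh plan" to print the commands, "sh nat-vnet.sh apply" to execute them.
set -eu

RG="${RG:-MyResourceGroup}"
LOC="${LOC:-uksouth}"
VNET="${VNET:-MyVnet}"
NATGW="${NATGW:-MyNatGateway}"
NATIP="${NATIP:-NatGatewayPublicIP}"
NSG="${NSG:-WebNSG}"
MGMT_IP="${MGMT_IP:-10.0.1.4}"   # assumed management host, as in the notes
DRY_RUN="${DRY_RUN:-0}"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_network() {
  run az group create --name "$RG" --location "$LOC"
  run az network vnet create --name "$VNET" --resource-group "$RG" \
    --address-prefix 10.0.0.0/16 --subnet-name WebSubnet --subnet-prefix 10.0.1.0/24
  run az network vnet subnet create --resource-group "$RG" --vnet-name "$VNET" \
    --name AppSubnet --address-prefix 10.0.2.0/24
  run az network vnet subnet create --resource-group "$RG" --vnet-name "$VNET" \
    --name DbSubnet --address-prefix 10.0.3.0/24
}

# Arguments: the subnets that should get outbound access through the NAT gateway.
create_nat() {
  run az network public-ip create --resource-group "$RG" --name "$NATIP" \
    --sku Standard --allocation-method Static
  run az network nat gateway create --resource-group "$RG" --name "$NATGW" \
    --public-ip-addresses "$NATIP"
  for subnet in "$@"; do
    run az network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
      --name "$subnet" --nat-gateway "$NATGW"
  done
}

create_nsg() {
  run az network nsg create --resource-group "$RG" --name "$NSG"
  # Web ports from any source (public tier); SSH only from the management host.
  run az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name AllowHTTP --priority 100 --protocol Tcp --direction Inbound \
    --destination-port-ranges 80 443 --access Allow
  run az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name AllowSSH --priority 200 --protocol Tcp --direction Inbound \
    --source-address-prefixes "$MGMT_IP" --destination-port-ranges 22 --access Allow
  # Added hardening: without this, the default AllowVnetInBound rule (priority 65000)
  # would still admit SSH from every other address inside the VNet.
  run az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name DenyOtherSSH --priority 210 --protocol Tcp --direction Inbound \
    --destination-port-ranges 22 --access Deny
  # Rules do nothing until the NSG is bound to the subnet (overview step 5).
  run az network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
    --name WebSubnet --network-security-group "$NSG"
}

main() {
  create_network
  # Assumption: DbSubnet gets no NAT gateway, so database hosts have no egress path at all.
  create_nat WebSubnet AppSubnet
  create_nsg
}

case "${1:-}" in
  apply) main ;;
  plan)  DRY_RUN=1; main ;;
esac
```

Running the plan mode first and reading the transcript is a cheap review step: every subnet that receives `--nat-gateway` is a subnet whose hosts can reach the internet, and every NSG rule is visible with its priority before anything is created.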

Listing and cleaning up

```bash
# List resources in a resource group
az resource list --resource-group MyResourceGroup --output table

# Delete the resource group and everything in it (asynchronously)
az group delete --name <resource-group-name> --yes --no-wait

az group delete --name MyResourceGroup --yes --no-wait
```

Configuring XRDP (a Remote Desktop Protocol server for Linux) allows you to connect to a
Linux machine using a Remote Desktop Client from another system (like Windows). Below are
step-by-step instructions to install and configure XRDP on a typical Ubuntu server.

Step 1: Update Your System

Before installing any packages, ensure your system is up to date:

```bash
sudo apt update
sudo apt upgrade
```

Step 2: Install XRDP and a Desktop Environment

XRDP requires a desktop environment to provide a graphical interface. For this example, we'll install XFCE, a lightweight desktop environment.

1. Install XFCE:

```bash
sudo apt install xfce4 xfce4-goodies
```

2. Install XRDP:

```bash
sudo apt install xrdp
```

Step 3: Configure XRDP

1. Set the default desktop environment for XRDP:

Create or edit the .xsession file in your home directory so that the session starts XFCE:

```bash
echo "xfce4-session" > ~/.xsession
```

2. How xrdp picks up that session:

xrdp does not read the session command from the [Xvnc] section of /etc/xrdp/xrdp.ini; that section only defines a connection type. On Debian and Ubuntu the session is launched by /etc/xrdp/startwm.sh, which runs /etc/X11/Xsession, and Xsession executes ~/.xsession when the file exists. The file written above is therefore enough for a per-user setup. To make XFCE the system-wide default instead, edit the start script:

```bash
sudo nano /etc/xrdp/startwm.sh
```

and replace the two lines at the end that exec /etc/X11/Xsession with startxfce4, so every user lands in XFCE whether or not they have a ~/.xsession.

Step 4: Start and Enable XRDP

1. Start the XRDP service:

```bash
sudo systemctl start xrdp
```

2. Enable the XRDP service to start on boot:

```bash
sudo systemctl enable xrdp
```

Step 5: Configure Firewall (if applicable)

If you have a host firewall enabled (like UFW), allow traffic on the XRDP port (default 3389/tcp). The rule below admits every source; on a machine reachable from the internet, restrict it to your management address range instead, and on an Azure VM the subnet's NSG (step 4 of the VNet build above) must likewise allow 3389 only from the management IP. Never open 3389 to 0.0.0.0/0 on a VM with a public IP; RDP password guessing from the internet is constant.

```bash
sudo ufw allow 3389/tcp
```

Step 6: Connect to the XRDP Server

1. Use a Remote Desktop Client (like Microsoft Remote Desktop):
   - Open your Remote Desktop Client and enter the IP address of your Linux machine.
   - Use your Linux username and password to log in.
2. Choose the session:
   - You should see the XFCE desktop when connected.
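The XRDP setup above as one script, added here as an example and not part of the original guide. It makes the two changes a security engineer would make before exposing the host: the firewall rule admits 3389/tcp only from a management network (MGMT_CIDR, an assumed value), shown next to the guide's open-to-everyone rule for contrast, and the ~/.xsession file is written by a function that can be checked afterwards. DRY_RUN=1 prints the privileged commands instead of running them.

```shell
#!/bin/sh
# Added example: non-interactive xrdp install with a source-restricted firewall rule.
# Run as "sh xrdp-setup.sh plan" to print the commands, "sh xrdp-setup.sh apply" to execute them.
set -eu

MGMT_CIDR="${MGMT_CIDR:-10.0.1.0/24}"   # assumed management network; change to yours
DRY_RUN="${DRY_RUN:-0}"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

install_xrdp() {
  run sudo apt-get update
  run sudo apt-get install -y xfce4 xfce4-goodies xrdp
}

# Write ~/.xsession so xrdp's startwm.sh (via /etc/X11/Xsession) launches XFCE.
# Optional argument: the home directory to write into (defaults to $HOME).
write_xsession() {
  home="${1:-$HOME}"
  printf 'xfce4-session\n' > "$home/.xsession"
  chmod 0644 "$home/.xsession"
}

# Returns 0 when the session file exists and names the XFCE session.
xsession_ok() {
  home="${1:-$HOME}"
  [ -f "$home/.xsession" ] && grep -qx 'xfce4-session' "$home/.xsession"
}

enable_service() {
  run sudo systemctl enable --now xrdp
}

# The rule from the guide: RDP reachable from every source.
open_firewall_weak() {
  run sudo ufw allow 3389/tcp
}

# Hardened rule: only the management network may reach RDP.
open_firewall() {
  run sudo ufw allow from "$MGMT_CIDR" to any port 3389 proto tcp
}

main() {
  install_xrdp
  run write_xsession
  enable_service
  open_firewall
}

case "${1:-}" in
  apply) main ;;
  plan)  DRY_RUN=1; main ;;
esac
```

On an Azure VM the host firewall is the second layer; the subnet NSG from the VNet build above still has to permit 3389 from the same management range, and nothing else.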

Troubleshooting

- Black Screen Issues: If you encounter a black screen upon connecting, try the following:
  - Ensure you set the .xsession correctly to start the XFCE session.
  - Check the XRDP logs for any errors (session start-up problems are reported in /var/log/xrdp-sesman.log):

```bash
sudo tail -f /var/log/xrdp.log
```

- Session Disconnections: If sessions disconnect frequently, ensure that your firewall and network settings allow for sustained connections.
