Setting up a private network for migrated Cloud Servers (Ubuntu 20.04, 22.04, 24.04, and Debian 12 with Netplan)
Please use the “Print” function at the bottom of the page to create a PDF.
For migrated Cloud Servers
This article shows you how to configure the private network settings for migrated Cloud Servers with Ubuntu 20.04, 22.04, 24.04, and Debian 12 with Netplan.
In a private network, the servers communicate via local IPs that are not routed on the Internet. To be able to use a server in a private network, you must first assign the server in the Cloud Panel to the desired private network. As soon as the server has been assigned to the desired private network, an additional, unconfigured network interface is available on it. You must configure this network interface on the server.
Requirements
- You have created a private network.
- You have assigned the desired server to the private network in the Cloud Panel.
- You have logged in to the server as an administrator.
- You have noted the IPv4 and IPv6 addresses of the server.
Note
Instructions on how to establish an encrypted connection to your server are listed in the following articles:
Establishing an SSH connection to your Linux server on a computer with Microsoft Windows
Establishing an SSH connection to your Linux server on a Linux computer
How to configure the network interface to set up a private network:
Check whether Netplan is used for the network configuration
To check whether your server is already using Netplan for the network configuration, complete the following.
Change to the /etc/netplan directory:
[root@localhost ~]# cd /etc/netplan
Check whether there is already a configuration file in this directory. To do this, enter the following command:
[root@localhost ~]# ls
- Make a note of the name of the configuration file.
Determine network interface
Determine the name of the network interface. To do this, enter the following command:
[root@localhost ~]# ip addr
Example:
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:01:37:83:4d:66 brd ff:ff:ff:ff:ff:ff:ff
altname enp0s6
inet 85.215.124.167/32 metric 100 scope global dynamic ens6
valid_lft 374sec preferred_lft 374sec
inet6 2a02:2479:7:e00::/128 scope global dynamic noprefixroute
valid_lft 3079sec preferred_lft 2079sec
inet6 2a02:2479:7:e00::1/128 scope global dynamic noprefixroute
valid_lft 3079sec preferred_lft 2079sec
inet6 fe80::1:37ff:fe83:4d66/64 scope link
valid_lft forever preferred_lft forever
3: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:01:bb:ea:2f:f9 brd ff:ff:ff:ff:ff:ff:ff
altname enp0s7
inet 10.7.226.13/24 metric 100 brd 10.7.226.255 scope global dynamic ens7
valid_lft 377sec preferred_lft 377sec
inet6 fe80::1:bbff:feea:2ff9/64 scope link
valid_lft forever preferred_lft forever
In this example, the name of the unconfigured network interface for the private network is ens7.
Display gateway for IPv4 and IPv6
To display the default gateway of the active interface, enter the following command:
IPv4:root@ubuntu:~# ip route show | grep 'default'
IPv6:root@ubuntu:~# ip -6 route show | grep 'default'
Note the IP addresses of the gateways. These are listed directly after the default via part. Example:
IPv4 Gatewayroot@ubuntu:~# ip route show | grep 'default' default via 195.20.234.1 dev ens6 proto dhcp src 195.20.234.94 metric 100
IPv6 Gatewayroot@ubuntu:~# ip -6 route show | grep 'default' default via fe80::1 dev ens192 proto ra metric 100 expires 4sec pref high
In this example, fe80::1 is the IPv6 gateway.
Show default DNS server
To display the DNS servers used, enter the following command:
[root@localhost ~]# resolvectl --no-pager | grep Server
The DNS servers used are then displayed at the end of the output. Example:
[root@localhost ~]# resolvectl --no-pager | grep Server
Current DNS Server: 212.227.123.16
DNS Servers: 212.227.123.16 212.227.123.17- Make a note of the DNS servers.
Configuring the network interface
Check whether there is already a configuration file in this directory. To do this, enter the following commands:
[root@localhost ~]# cd /etc/netplan
[root@localhost ~]# ls /etc/netplan
If there is a configuration file in this directory, rename it. To do this, enter the following command and replace the placeholders.
root@localhost ~]# mv OLD_CONFIGURATION_FILE.yaml OLD_CONFIGURATION_FILE.yaml.old
Example:
[root@localhost ~]# mv 50-cloud-init.yaml 50-cloud-init.yaml.old
Please Note
If the directory contains the file 00-Public_network.yaml, do not rename it, as this file is required for the public network.
Create the file /etc/netplan/01-netcfg.yaml with the vi editor. To do this, enter the following command:
[root@localhost ~]# vi etc/netplan/01-netcfg.yaml
Note
The vi editor has an insert mode and a command mode. You can call up insert mode with the [i] key. In this mode, the characters entered are immediately inserted into the text. To call up command mode, press [ESC]. If you use command mode, your keyboard input is interpreted as a command.
To be able to use a server in a private network, it's necessary to manually configure the network interface and assign a unique IP address to it. This IP address will enable communication with the server within the private network. This IP address cannot be routed to public networks. To configure the desired static IP address, add the following information:
network:
version: 2
renderer: networkd
ethernets:
NETWORK_INTERFACE:
addresses:
- MAIN_IPv4_ADDRESS/32
- ADDITIONAL_IPv4_ADDRESS/32
- MAIN_IPv6_ADDRESS/64
- ADDITIONAL_IPv6_ADDRESS_1/64
nameservers:
addresses:
- IP_ADDRESS_OF_NAMESERVER_1
- IP_ADDRESS_OF_NAMESERVER_2
routes:
- on-link: true
to: default
via: STANDARD_GATEWAY_OF_THE_ACTIVE_INTERFACE
NETWORK_INTERFACE_OF_THE_PRIVATE_NETWORK:
dhcp4: no
addresses:
- IP_ADDRESS_OF_SERVER_IN_THE_PRIVATE_NETWORK/24
nameservers:
addresses:
- IP_ADDRESS_OF_NAMESERVER 1
- IP_ADDRESS_OF_NAMESERVER 2Example:
network:
version: 2
renderer: networkd
ethernets:
ens6:
addresses:
- 85.215.124.167/32
- 212.227.250.35/32
- 2a02:2479:7:e00::1/64
- 2a02:2479:7:e00::/64
nameservers:
addresses:
- 212.227.123.16
- 212.227.123.17
routes:
- on-link: true
to: default
via: 10.255.255.1
ens7:
dhcp4: no
addresses:
- 192.168.1.2/24
nameservers:
addresses:
- 212.227.123.16
- 212.227.123.17- Press the [ESC] key to exit input mode.
- To exit vi and save the file, enter the command :wq and then press Enter.
To change the permissions of the new configuration file to read/write for only the root account, edit the following command and then enter it:
root@localhost:~# sudo chmod 600 /etc/netplan/CONFIGURATION_FILE.yaml
Example:
root@localhost:~# sudo chmod 600 /etc/netplan/01-netcfg.yaml
To apply the configuration file, enter the following command:
root@localhost:~# netplan --debug apply
The server is now accessible in the private network.
Check network configuration
To check whether the desired IPv4 and IPv6 addresses have been configured correctly, enter the following command:
root@debian:~# ip addr show
To check whether the network interface for the private network has been configured correctly, send a ping to the IP address of another server that is assigned to the private network. Example:
root@localhost:~# ping -c 1 192.168.1.3
PING 192.168.2.1 (192.168.2.2) 56(84) bytes of data.
64 bytes from 192.168.2.2: icmp_seq=1 ttl=64 time=0.176 ms
64 bytes from 192.168.2.2: icmp_seq=2 ttl=64 time=0.151 ms
64 bytes from 192.168.2.2: icmp_seq=3 ttl=64 time=0.170 ms
--- 192.168.1.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2050ms
rtt min/avg/max/mdev = 0.151/0.165/0.176/0.018 ms
If the data packets are received by the server, the network interface has been properly configured for the private network.
Note
If the server is no longer accessible due to a configuration error, you can log in to the server using the remote console and correct the configuration. You can find instructions on how to do this in the following article: