Cloud NAT

Implement Private Google Access and Cloud NAT

Enable IAP for TCP forwarding

Create the VPC


Create the firewall rule


Create the VM


Cloud Shell

SSH into vm-internal through the IAP tunnel (the first run generates an SSH key pair for gcloud):

gcloud compute ssh vm-internal --zone us-central1-c --tunnel-through-iap

WARNING: The private SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
This tool needs to create the directory [/home/student_00_9ba26ddd28ee/.ssh] before being able to generate SSH keys.
Do you want to continue (Y/n)?
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Passphrases do not match. Try again.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/student_00_9ba26ddd28ee/.ssh/google_compute_engine.
Your public key has been saved in /home/student_00_9ba26ddd28ee/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:VcAb54DLUQDLVmYvGaC89UHGOT5+fXnCTwtoKkzYmDg student_00_9ba26ddd28ee@cs-286852895825-default
The key's randomart image is:
+---[RSA 2048]----+
| o+O*o.. |
| . o B*++.. |
| o =o++o* |
| + .=+. . |
| o =.S. ... . |
| E + o. .o..= o|
| . o .o ..=.|
| o . ..|
| . |
+----[SHA256]-----+
Warning: Permanently added 'compute.5961393491703942998' (ECDSA) to the list of known hosts.
Linux vm-internal 4.19.0-18-cloud-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Creating directory '/home/student-00-9ba26ddd28ee'.

Ping Google from vm-internal (fails: the VM has no external IP and there is no NAT gateway yet)

ping -c 2 www.google.com
PING www.google.com (173.194.194.106) 56(84) bytes of data.
--- www.google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 13ms

Cloud IAP enables context-aware access to VMs via SSH and RDP without bastion hosts: the connection is tunneled over an authenticated HTTPS path, so the VM needs no external IP. The firewall rule only has to allow tcp:22 from the IAP proxy range 35.235.240.0/20, not from 0.0.0.0/0.


Create a Cloud Storage bucket

Location type: multi-region

Copy an image file into your bucket

gsutil cp gs://cloud-training/gcpnet/private/access.svg gs://[my_bucket]

Copy it from the bucket to Cloud Shell

gsutil cp gs://[my_bucket]/*.svg .

Connect to vm-internal and try the same copy

gcloud compute ssh vm-internal --zone us-central1-c --tunnel-through-iap

gsutil cp gs://[my_bucket]/*.svg .


Enable Private Google Access on the subnet: VPC network -> Subnets -> (subnet) -> Subnet details -> Edit -> Private Google Access: On. A VM without an external IP can reach Google APIs such as Cloud Storage only with this enabled (or through Cloud NAT).

Configure a Cloud NAT gateway

Test outbound internet access from vm-internal (apt-get update talks to Debian's mirrors on the public internet, which Private Google Access does not cover, so it fails until a NAT gateway exists):

gcloud compute ssh vm-internal --zone us-central1-c --tunnel-through-iap

sudo apt-get update

In the Cloud Console, on the Navigation menu (Navigation menu), click Network services > Cloud NAT.


Configure and view logs with Cloud NAT Logging

Enable logging and monitoring

Enable logging on the Cloud NAT gateway (Cloud NAT -> the gateway -> Edit -> Advanced configurations -> Logging), then generate traffic from vm-internal so entries appear in Logs Explorer:

gcloud compute ssh vm-internal --zone us-central1-c --tunnel-through-iap
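The console steps above, reproduced with the gcloud CLI so the security-relevant settings are explicit and reviewable. This is an added example, not part of the lab notes; only vm-internal and us-central1-c come from the page, while the network, subnet, range, router and NAT names are assumptions you should adjust. Set DRY_RUN=1 to print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the lab page): Private Google Access + Cloud NAT with gcloud.
# Assumed names: privatenet, privatenet-us, 10.130.0.0/20, nat-router, nat-config.
# DRY_RUN=1 prints each gcloud command instead of executing it.

NETWORK=${NETWORK:-privatenet}
SUBNET=${SUBNET:-privatenet-us}
REGION=${REGION:-us-central1}
ZONE=${ZONE:-us-central1-c}
VM=${VM:-vm-internal}
ROUTER=${ROUTER:-nat-router}
NAT=${NAT:-nat-config}
# Google's IAP TCP-forwarding proxy range: the only source that needs tcp:22.
IAP_RANGE=35.235.240.0/20

run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_network() {
  run gcloud compute networks create "$NETWORK" --subnet-mode=custom
  # Private Google Access is a per-subnet setting: VMs without an external IP
  # reach Google APIs (e.g. storage.googleapis.com for gsutil) through it.
  run gcloud compute networks subnets create "$SUBNET" \
    --network="$NETWORK" --region="$REGION" --range=10.130.0.0/20 \
    --enable-private-ip-google-access
}

create_iap_firewall_rule() {
  # No bastion and no 0.0.0.0/0 on port 22: only IAP's proxies may reach SSH.
  run gcloud compute firewall-rules create "$NETWORK-allow-ssh" \
    --network="$NETWORK" --direction=INGRESS --action=ALLOW \
    --rules=tcp:22 --source-ranges="$IAP_RANGE"
}

create_internal_vm() {
  # --no-address: no external IP, so the VM is unreachable from the internet
  # and has no outbound path until Cloud NAT exists (ping / apt-get fail).
  run gcloud compute instances create "$VM" --zone="$ZONE" \
    --machine-type=e2-medium --subnet="$SUBNET" --no-address \
    --image-family=debian-11 --image-project=debian-cloud
}

create_cloud_nat() {
  run gcloud compute routers create "$ROUTER" --network="$NETWORK" --region="$REGION"
  # Outbound-only egress for the whole subnet; ALL logs both translations and errors.
  run gcloud compute routers nats create "$NAT" --router="$ROUTER" --region="$REGION" \
    --auto-allocate-nat-external-ips --nat-all-subnet-ip-ranges \
    --enable-logging --log-filter=ALL
}

ssh_via_iap() {
  # Tunnels SSH over IAP's authenticated HTTPS path; relies on the rule above.
  run gcloud compute ssh "$VM" --zone="$ZONE" --tunnel-through-iap -- "$@"
}

main() {
  create_network && create_iap_firewall_rule && create_internal_vm && create_cloud_nat
  # Same checks as the lab: both should now succeed through Cloud NAT.
  ssh_via_iap 'ping -c 2 www.google.com && sudo apt-get update'
}

# Only deploy when invoked as "sh private-access-nat.sh deploy" (hypothetical file name).
if [ "${1:-}" = deploy ]; then main; fi
```

Run with `DRY_RUN=1 sh private-access-nat.sh deploy` first and review the printed commands: the three flags to look for are `--source-ranges=35.235.240.0/20` on the SSH rule, `--no-address` on the VM, and `--enable-private-ip-google-access` on the subnet, because each one closes off a path (public SSH, inbound exposure, and egress to the internet for what should be Google-API-only traffic) that the console defaults leave open.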
