Cloud NAT Setup
# Implement Private Google Access and Cloud NAT
[Using IAP for TCP forwarding](https://cloud.google.com/iap/docs/using-tcp-forwarding)
## Create the VPC

## Create the firewall rule (Firewall)

## Create the VM



## Cloud Shell
`gcloud compute ssh vm-internal --zone us-central1-c --tunnel-through-iap`
```
WARNING: The private SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
This tool needs to create the directory [/home/student_00_9ba26ddd28ee/.ssh] before being able to generate SSH keys.
Do you want to continue (Y/n)?
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Passphrases do not match. Try again.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/student_00_9ba26ddd28ee/.ssh/google_compute_engine.
Your public key has been saved in /home/student_00_9ba26ddd28ee/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:VcAb54DLUQDLVmYvGaC89UHGOT5+fXnCTwtoKkzYmDg student_00_9ba26ddd28ee@cs-286852895825-default
The key's randomart image is:
+---[RSA 2048]----+
| o+O*o.. |
| . o B*++.. |
| o =o++o* |
| + .=+. . |
| o =.S. ... . |
| E + o. .o..= o|
| . o .o ..=.|
| o . ..|
| . |
+----[SHA256]-----+
Warning: Permanently added 'compute.5961393491703942998' (ECDSA) to the list of known hosts.
Linux vm-internal 4.19.0-18-cloud-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Creating directory '/home/student-00-9ba26ddd28ee'.
```
## ping google
```
ping -c 2 www.google.com
PING www.google.com (173.194.194.106) 56(84) bytes of data.
--- www.google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 13ms
```
[Cloud IAP enables context-aware access to VMs via SSH and RDP without bastion hosts](https://cloud.google.com/blog/products/identity-security/cloud-iap-enables-context-aware-access-to-vms-via-ssh-and-rdp-without-bastion-hosts)

# Create a bucket
Create it as multi-region.
## Copy an image file into your bucket
```
gsutil cp gs://cloud-training/gcpnet/private/access.svg gs://[my_bucket]
```
## Copy the image from the bucket
```
gsutil cp gs://[my_bucket]/*.svg .
```
## Connect to vm-internal
```
gcloud compute ssh vm-internal --zone us-central1-c --tunnel-through-iap
```
```
gsutil cp gs://[my_bucket]/*.svg .
```

VPC -> subnet -> Subnet detail
# Configure a Cloud NAT gateway
```
sudo apt-get update
gcloud compute ssh vm-internal --zone us-central1-c --tunnel-through-iap
sudo apt-get update
```
In the Cloud Console, on the Navigation menu, click Network services > Cloud NAT.


# Configure and view logs with Cloud NAT Logging
[Using logging and monitoring](https://cloud.google.com/nat/docs/monitoring)
Configure in Cloud NAT.

```
gcloud compute ssh vm-internal --zone us-central1-c --tunnel-through-iap
```
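
The console steps for Private Google Access, the Cloud NAT gateway and NAT logging, expressed as gcloud commands (an added example, not part of the original notes). The region follows from the zone used on this page; the network, subnet, router and gateway names are assumed placeholders, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: CLI equivalents of the console steps in these notes.
# REGION matches the zone used on this page (us-central1-c).
# NETWORK, SUBNET, ROUTER and NAT are assumed names, not taken from the page.
REGION="${REGION:-us-central1}"
NETWORK="${NETWORK:-my-private-vpc}"    # assumption
SUBNET="${SUBNET:-my-private-subnet}"   # assumption
ROUTER="${ROUTER:-nat-router}"          # assumption
NAT="${NAT:-nat-config}"                # assumption
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print only, 0 = print and execute

# Print the command; execute it only when DRY_RUN=0.
run() {
  printf '%s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# Private Google Access: VMs with only internal IPs can reach Google APIs
# such as Cloud Storage (the gsutil copy from vm-internal).
enable_private_google_access() {
  run gcloud compute networks subnets update "$SUBNET" \
    --region="$REGION" --enable-private-ip-google-access
}

# Cloud NAT: outbound-only internet access for VMs without external IPs
# (needed for apt-get update on vm-internal). Logging is enabled for both
# translations and errors so every NAT allocation leaves a record.
create_nat_gateway() {
  run gcloud compute routers create "$ROUTER" \
    --network="$NETWORK" --region="$REGION"
  run gcloud compute routers nats create "$NAT" \
    --router="$ROUTER" --region="$REGION" \
    --auto-allocate-nat-external-ips --nat-all-subnet-ip-ranges \
    --enable-logging --log-filter=ALL
}

# Read the most recent NAT log entries from Cloud Logging.
read_nat_logs() {
  run gcloud logging read resource.type=nat_gateway --limit=10 --format=json
}

main() {
  enable_private_google_access
  create_nat_gateway
  read_nat_logs
}

main
```
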
