In a home network this usually boils down to a router that is connected to the internet.\u00a0 The CIDR block is usually one of the non-routable networks<\/a>.\u00a0 My home network is 192.168.178.0\/24.<\/p>\n The process when creating a VPC on Amazon is pretty much the same.<\/p>\n Before I cover all of the steps that are necessary for completely setting up a VPC it is important to note that Amazon makes it really easy to set all of this up with much less effort.\u00a0 It is possible to create a default VPC which will create everything that is necessary.<\/p>\n All of the setup will be associated with samplevpc and the CIDR block 192.168.\u00a0 It is also possible to create a IPv6 network as well, but as IPv6 addresses are pretty horrible to look at I will leave that off.\u00a0 It is enough to know that Amazon does also provide support for that new(ish) standard.<\/p>\n I question why Amazon didn’t add one more check box on the VPC creation dialog box that asked if the VPC should support DNS hostnames.\u00a0 You need this if you want to connect to your EC2 machine (setup later) either with ssh, http or really any protocol. Once you create your VPC you need to edit it to set this option.<\/p>\n This step, can actually be performed as many times as necessary depending on how many different subnets you want.\u00a0 This might be useful if you split up your setup into different logical networks.\u00a0 This might be because you put different applications into different subnets or perhaps to create firewalls to create different layers of permissions.<\/p>\n My same criticism of the VPC creation dialog extends to the creation of subnets.\u00a0 It should have been possible to add a checkbox to the subnet dialog for the assignment of IPv4 addresses.<\/p>\n Creating the internet gateway is really not much of a process.\u00a0 The only real control you have is the user friendly name for the gateway.<\/p>\n However, once the gateway is created it is not automatically associated with anything.<\/p>\n Just select the VPC from the list that should be associated with this gateway.\u00a0 The process isn’t difficult and as it turns out, you can only associate one internet gateway with a network.<\/p>\n When first looking at the routing everything looks just fine.<\/p>\n The thing that might not be apparent from looking at this figure is that any virtual machine can talk to other virtual machines on its network segment.\u00a0 However, if the destination is to a machine outside of the local network then there is no route to pass that information out.<\/p>\n This small change allows us to both communicate with any virtual machines but also that they can communicate with us as well.<\/p>\n It is possible to set up the access control list which is essentially creating your own firewall.\u00a0 You determine which protocols can come in on which ports from which locations.<\/p>\n Input ACL<\/p><\/div>\n <\/p>\n Output ACL<\/p><\/div>\n <\/p>\n Actually the AWS security group is really not that much different from the access control list setup.<\/p>\n It is possible to user either the ACL or the security group for dealing with internal traffic and the other as the firewall to the actual internet.<\/p>\n All of this setup is required to create your own little network and attach it to the internet.\u00a0 It does seem like a lot of setup but it only takes a few minutes and it does give you the same control as setting up a router at home.<\/p>\n I will be using this network setup with a virtual computer (EC2 ) in my next article.<\/p>\n","protected":false},"excerpt":{"rendered":" I would rather talk about the actual compute engine (EC2) but that oddly enough you need a network before you can really create one.\u00a0 Rather than talking about the default VPC I will discuss about the networking a bit right … Continue reading \n
Create a VPC for a given CIDR block for entire network<\/h2>\n
![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-01-vpc-create-vpc.png\")
<\/p>\n![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-02-vpc-create-vpc-dns-hostnames.png\")
<\/p>\nCreate one or more subnets for the network<\/h2>\n
![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-03-vpc-create-subnet1.png\")
<\/p>\n![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-04-vpc-modify-subnet1.png\")
<\/p>\n![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-05-vpc-modify-subnet1-returncode.png\")
<\/p>\nCreate a an internet gateway<\/h2>\n
![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-06-vpc-internet-gw.png\")
<\/p>\n![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-07-vpc-internet-gw-detatched.png\")
<\/p>\nAttach gateway to my VPC<\/h2>\n
![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-08-vpc-internet-gw-attached.png\")
<\/p>\n![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-09-vpc-internet-gw-attached-view.png\")
<\/p>\nAdd route to from VPC to rest of internet<\/h2>\n
![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-10-vpc-routing-before.png\")
<\/p>\n![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-11-vpc-routing-after.png\")
<\/p>\nSetup any special firewall rules \/ ACL<\/a><\/h2>\n
![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-12-vpc-acl-inbound.png\")
![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-12-vpc-acl-outbound.png\")
Create a security group<\/h2>\n
![\"\"](\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/11\/aws-13-vpc-securitygrp.png\")
<\/p>\nSummary<\/h2>\n