HostUpCloudHostUpCloudDocs
Cloud Compute

Networking

Configure IPv4, IPv6, private networks, firewalls, and floating IPs for your cloud instances.

Networking

Every cloud instance is connected to the internet via a public IPv4 address by default. You can extend your network configuration with IPv6, private networks, firewalls, and floating IPs to build secure, production-ready architectures.

Public IPv4

Every instance receives one public IPv4 address on creation, allocated from the regional IP pool.

How It Works

  • Static assignment — Your IP is statically configured as a /32 address with the host node's gateway. It is not assigned via DHCP.
  • Persistent — The IP stays with the instance until it is destroyed.
  • Reverse DNS — Set a custom PTR record for your IP from the instance networking tab. Essential for mail servers and services that require proper rDNS.
  • Copy button — Click the IP on the instance detail page to copy it to your clipboard.
# Connect to your instance
ssh root@203.0.113.42

Your instance's public IPv4 is displayed on the instance detail page and in the instances list. Use the copy button to quickly grab it.

Reverse DNS Configuration

  1. Navigate to your instance → Networking tab
  2. Click Set rDNS next to the IPv4 address
  3. Enter your desired PTR record (e.g., mail.example.com)
  4. Save — changes propagate within 5-15 minutes

Ensure your forward DNS (A record) matches the PTR record. Mismatched forward and reverse DNS can cause email delivery issues and fail spam checks.

Public IPv6

IPv6 is optional and free for all cloud instances. Each instance that enables IPv6 receives a /64 subnet.

Enabling IPv6

  • During creation — Toggle Enable IPv6 in the networking section of the instance creation form.
  • After creation — IPv6 can be enabled from the instance networking tab (requires a reboot).

IPv6 Details

FeatureValue
Subnet size/64 per instance
CostFree
Dual-stackYes — IPv4 and IPv6 run in parallel
rDNSConfigurable per address

A /64 IPv6 subnet provides 18.4 quintillion addresses — more than enough for any workload. IPv6 is ideal for applications that need large address space or IPv6-only clients.

Private Networks

Private networks let your instances communicate over an isolated, internal network. Traffic stays within the datacenter — no internet routing, lower latency, and zero bandwidth charges.

Creating a Private Network

  1. Go to your project → Networking
  2. Click Create Network
  3. Enter a name and subnet (e.g., 10.0.0.0/24)
  4. Click Create

Attaching Instances

During creation: Enable Private Network in the networking section and select your network from the dropdown.

After creation: Navigate to your instance → Networking tab → Private NetworksAttach Network.

How It Works

Each instance attached to a private network gets:

  • A second network interface (net1) on the private bridge (vmbr1)
  • An automatically assigned private IP from your subnet
  • Layer 2 connectivity with other instances on the same network
FeatureValue
Bridgevmbr1
CostFree
TrafficFree — does not count toward bandwidth allocation
SubnetCustom (e.g., 10.0.0.0/24, 172.16.0.0/16, 192.168.0.0/24)
ScopeSame region only

Use Cases

  • Database isolation — Keep your database on a private network, accessible only from your application servers. No public exposure.
  • Microservices — Service-to-service communication without exposing endpoints to the internet.
  • Cluster communication — Kubernetes nodes, Docker Swarm workers, or database replicas communicating over fast, private links.

Example: Isolate a Database Server

  1. Create a private network with subnet 10.0.0.0/24
  2. Deploy your app server and attach it to the private network (gets 10.0.0.2)
  3. Deploy your database server and attach it to the private network (gets 10.0.0.3)
  4. Configure your database to listen only on 10.0.0.3
  5. Configure your app to connect to 10.0.0.3:5432 (PostgreSQL) or 10.0.0.3:3306 (MySQL)
# From your app server, verify connectivity
ping 10.0.0.3

# Connect to your database over the private network
psql -h 10.0.0.3 -U myuser -d mydb

Private network traffic between instances in the same region is always free and does not count toward your bandwidth allocation.

See Private Networks for full documentation.

Firewalls

The cloud firewall lets you control inbound and outbound traffic to your instances at the network level. Rules are applied before traffic reaches your instance, providing an additional layer of security.

Default Behavior

Firewalls are disabled by default — all inbound and outbound traffic is allowed. Once you enable the firewall, you define rules to control access.

Enabling the Firewall

  1. Navigate to your instance → Networking tab → Firewall
  2. Toggle Enable Firewall to on
  3. Set your default inbound and outbound policies
  4. Add rules as needed

Policies

PolicyDirectionMeaning
ACCEPTInbound / OutboundAllow all traffic by default, block specific traffic with rules
DROPInbound / OutboundSilently drop all traffic by default, allow specific traffic with rules
REJECTInbound / OutboundReject all traffic with an ICMP response, allow specific traffic with rules

Setting the inbound policy to DROP or REJECT without adding an SSH allow rule will lock you out of your instance. Always add an SSH rule (port 22) before enabling a restrictive inbound policy.

Adding Rules

Each rule has the following fields:

FieldDescriptionExample
DirectionInbound or outboundIN
ActionACCEPT, DROP, or REJECTACCEPT
Protocol / MacroProtocol (TCP, UDP, ICMP) or a named macro (SSH, HTTP, HTTPS)TCP or SSH
PortPort number or range22 or 8000-9000
SourceSource IP or CIDR (inbound) or destination (outbound)0.0.0.0/0 or 10.0.0.0/24
CommentOptional descriptionAllow SSH from office

Security Groups

Security groups are reusable sets of firewall rules that you can apply to multiple instances. Instead of duplicating rules across instances, create a security group once and attach it.

  1. Navigate to NetworkingSecurity Groups
  2. Create a group (e.g., web-servers)
  3. Add rules to the group
  4. Attach the group to any instance's firewall

Example: Allow SSH Only

Set inbound policy to DROP, then add one rule:

DirectionActionMacroPortSourceComment
INACCEPTSSH220.0.0.0/0Allow SSH from anywhere
# Test SSH access
ssh root@your-instance-ip
# All other inbound traffic is silently dropped

Example: Web Server (HTTP + HTTPS)

Set inbound policy to DROP, then add these rules:

DirectionActionMacroPortSourceComment
INACCEPTSSH22203.0.113.0/24SSH from office only
INACCEPTHTTP800.0.0.0/0Allow HTTP
INACCEPTHTTPS4430.0.0.0/0Allow HTTPS

Example: Database Isolation with Private Network

Keep your database accessible only from your private network:

  1. Deploy the database instance with a private network (10.0.0.0/24)
  2. Enable the firewall with inbound policy DROP
  3. Add rules:
DirectionActionProtocolPortSourceComment
INACCEPTTCP2210.0.0.0/24SSH from private network
INACCEPTTCP543210.0.0.0/24PostgreSQL from private network

Combining firewalls with private networks gives you defense in depth. Even if a private network is compromised, the firewall limits which ports are accessible.

Floating IPs

Floating IPs are reserved public IP addresses that can be reassigned between instances in the same region. They enable instant failover, high availability, and seamless IP portability.

How It Works

  1. Allocate a floating IP from the regional pool
  2. Attach it to any running instance
  3. Detach and reattach to another instance for failover — no DNS changes needed

Pricing

TypeRate
Floating IPv4$2.72/mo
Floating IPv6$1.63/mo

Floating IPs are billed monthly regardless of whether they are attached to an instance. Release a floating IP to stop billing.

Use Cases

  • High availability — Reassign the IP to a standby instance if the primary fails
  • Blue-green deployments — Switch traffic between versions without DNS propagation
  • Mail servers — Dedicated IP with proper rDNS for email deliverability

API Example

# Reserve a floating IP
curl -X POST https://api.hostupcloud.com/v1/floating-ips \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"region": "in-blr", "type": "ipv4"}'

# Attach to an instance
curl -X POST https://api.hostupcloud.com/v1/floating-ips/{ip-id}/attach \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"instance_id": "your-instance-id"}'

# Detach from an instance
curl -X POST https://api.hostupcloud.com/v1/floating-ips/{ip-id}/detach \
  -H "Authorization: Bearer $API_TOKEN"

See Floating IPs for full documentation including subnet pricing and rDNS configuration.

Network Summary

FeatureDetails
Public IPv41 per instance, static /32, rDNS configurable
Public IPv6Optional, free, /64 per instance
Private NetworksFree, custom subnets, auto-assigned IPs, vmbr1 bridge
FirewallsPer-instance, inbound/outbound policies, security groups
Floating IPsReassignable, $2.72/mo IPv4, $1.63/mo IPv6
Ingress trafficAlways free
Internal trafficAlways free
Egress overage$0.01/GB beyond included quota

Next Steps

Managing Instances

Power controls, monitoring, resizing, rebuilding, and destroying cloud instances.

Storage

Manage volumes, snapshots, and backups for your cloud instances.

On this page

NetworkingPublic IPv4How It WorksReverse DNS ConfigurationPublic IPv6Enabling IPv6IPv6 DetailsPrivate NetworksCreating a Private NetworkAttaching InstancesHow It WorksUse CasesExample: Isolate a Database ServerFirewallsDefault BehaviorEnabling the FirewallPoliciesAdding RulesSecurity GroupsExample: Allow SSH OnlyExample: Web Server (HTTP + HTTPS)Example: Database Isolation with Private NetworkFloating IPsHow It WorksPricingUse CasesAPI ExampleNetwork SummaryNext Steps