Static IPs

Configure network restrictions to allow Velvet's static IP addresses

If your database(s) are behind a VPC or firewall, you'll need to configure the network restrictions in your cloud provider to allow Velvet to connect to your database.

Velvet's Static IPs

You'll need to configure all 5 of these IP addresses for TCP traffic

IP addressRegionType
3.20.38.62, 3.15.114.156us-east-2proxy egress
18.117.209.120, 3.135.147.1, 3.21.42.89us-east-2clickhouse egress

Port configuration

You'll need to configure all 5 of the above IP addresses for TCP traffic.

For easy setup, we recommend allowing all TCP ports for the Static IPs. All ports are listed below if you prefer more granular control.

Port rangesProtocolUseRequired?
ALL TCP or *TCPallow all TCPeasy config
11000 - 21000TCPvelvet proxy port rangesyes
5432, 3306, 27017TCPdb specific ports (note, your db might use something different)yes
8000,3128, 3129, 1080, 1111, 80, 443, 22HTTPS, SSH, TCPhttps + socks proxiesoptional

Cloud Provider Guides

Depending on your setup, you might need to allow all TCP traffic or just specific ports for your database type (PostgreSQL, MySQL/MariaDB, or MongoDB).

Note: be sure that your database has access to the public internet, with either it's own public IP address or access via a proxy server (e.g. a bastion host).

AWS

  1. Navigate to VPC Dashboard: Log in to the AWS Management Console and go to the VPC Dashboard.
  2. Select Security Groups: Identify the security group for the resource you need to secure.
  3. Edit Inbound Rules: Click Inbound rules > Edit inbound rules.
  4. Add Rule:
    • Type: Select All TCP or specify the port range 11000 - 21000 plus the specific port for your database. (Postgres: 5432, MySQL/MariaDB: 3306, MongoDB: 27017).
    • Source: Enter the static IP address with /32 (e.g., 203.0.113.1/32).
    • Save the rule.

Azure

  1. Go to the Azure Portal: Log in and select the resource you want to secure.
  2. Access Network Security Group (NSG): Locate the NSG linked to your resource.
  3. Add Inbound Security Rule: Navigate to Inbound security rules > Add.
  4. Configure Rule:
    • Source: Choose IP Addresses and input the static IP to whitelist.
    • Destination port ranges: Enter * for all TCP or specify the port range 11000 - 21000 plus the specific port for your database.
    • Protocol: Select TCP.
    • Action: Choose Allow.
    • Apply changes.

Google Cloud

  1. Open VPC Network: Log into Google Cloud Console and navigate to the VPC network.
  2. Firewall Rules: Go to Firewall and click Create Firewall Rule.
  3. Setup Rule:
    • Targets: Select the resource targets.
    • Source IP ranges: Enter the static IP address to whitelist.
    • Protocols and ports: Specify tcp and choose All or specify the port range 11000 - 21000 plus the specific port for your database.
    • Create the firewall rule.

MongoDB Atlas

  1. Open MongoDB Atlas Dashboard: Log in and select your project.
  2. Navigate to Network Access: Go to Network Access under the Security tab.
  3. Add IP Address: Click Add IP Address.
  4. Enter IP Address:
    • Input the static IP address to whitelist.
    • Optionally, allow access from anywhere or add a description.
  5. Confirm: Save to apply the whitelist entry.

Ports for Database Types

  • Velvet Proxy: 11000 - 21000
  • Postgres: 5432
  • MySQL/MariaDB: 3306
  • MongoDB: 27017

Ensure you select the appropriate port when configuring rules for specific database types.

Email [email protected] for help configuring your database.