Static IPs
Configure network restrictions to allow Velvet's static IP addresses
If your database(s) are behind a VPC or firewall, you'll need to configure the network restrictions in your cloud provider to allow Velvet to connect to your database.
Velvet's Static IPs
You'll need to configure all 5 of these IP addresses for TCP traffic
IP address | Region | Type |
---|---|---|
3.20.38.62 , 3.15.114.156 | us-east-2 | proxy egress |
18.117.209.120 , 3.135.147.1 , 3.21.42.89 | us-east-2 | clickhouse egress |
Port configuration
You'll need to configure all 5 of the above IP addresses for TCP traffic.
For easy setup, we recommend allowing all TCP ports for the Static IPs. All ports are listed below if you prefer more granular control.
Port ranges | Protocol | Use | Required? |
---|---|---|---|
ALL TCP or * | TCP | allow all TCP | easy config |
11000 - 21000 | TCP | velvet proxy port ranges | yes |
5432 , 3306 , 27017 | TCP | db specific ports (note, your db might use something different) | yes |
8000 ,3128 , 3129 , 1080 , 1111 , 80 , 443 , 22 | HTTPS, SSH, TCP | https + socks proxies | optional |
Cloud Provider Guides
Depending on your setup, you might need to allow all TCP traffic or just specific ports for your database type (PostgreSQL, MySQL/MariaDB, or MongoDB).
Note: be sure that your database has access to the public internet, with either it's own public IP address or access via a proxy server (e.g. a bastion host).
AWS
- Navigate to VPC Dashboard: Log in to the AWS Management Console and go to the VPC Dashboard.
- Select Security Groups: Identify the security group for the resource you need to secure.
- Edit Inbound Rules: Click
Inbound rules
>Edit inbound rules
. - Add Rule:
- Type: Select
All TCP
or specify the port range11000 - 21000
plus the specific port for your database. (Postgres: 5432, MySQL/MariaDB: 3306, MongoDB: 27017). - Source: Enter the static IP address with
/32
(e.g.,203.0.113.1/32
). - Save the rule.
- Type: Select
Azure
- Go to the Azure Portal: Log in and select the resource you want to secure.
- Access Network Security Group (NSG): Locate the NSG linked to your resource.
- Add Inbound Security Rule: Navigate to
Inbound security rules
>Add
. - Configure Rule:
- Source: Choose
IP Addresses
and input the static IP to whitelist. - Destination port ranges: Enter
*
for all TCP or specify the port range11000 - 21000
plus the specific port for your database. - Protocol: Select
TCP
. - Action: Choose
Allow
. - Apply changes.
- Source: Choose
Google Cloud
- Open VPC Network: Log into Google Cloud Console and navigate to the VPC network.
- Firewall Rules: Go to
Firewall
and clickCreate Firewall Rule
. - Setup Rule:
- Targets: Select the resource targets.
- Source IP ranges: Enter the static IP address to whitelist.
- Protocols and ports: Specify
tcp
and chooseAll
or specify the port range11000 - 21000
plus the specific port for your database. - Create the firewall rule.
MongoDB Atlas
- Open MongoDB Atlas Dashboard: Log in and select your project.
- Navigate to Network Access: Go to
Network Access
under theSecurity
tab. - Add IP Address: Click
Add IP Address
. - Enter IP Address:
- Input the static IP address to whitelist.
- Optionally, allow access from anywhere or add a description.
- Confirm: Save to apply the whitelist entry.
Ports for Database Types
- Velvet Proxy: 11000 - 21000
- Postgres: 5432
- MySQL/MariaDB: 3306
- MongoDB: 27017
Ensure you select the appropriate port when configuring rules for specific database types.
Email [email protected] for further support.
Updated 7 months ago