
In the Azure portal, an LB inbound NAT rule is created via the following form, where I see a property for the target VM and port:


Is there a way to specify LB NAT rule target VM via Azure CLI or Terraform?

In Terraform, I see there is only an approach to create the rule and attach it to the network interface of the VM via a separate resource, but it does not fit my case and, moreover, as I tested it, it hasn't worked out.

So is there a way to perform exactly the same action in Terraform or the Azure CLI, creating a NAT rule as we do via the Azure Portal UI?


Answers


  1. Created a load balancer and added two virtual machines to the backend pool:


    You could identify the target VM using its network interface. There is no explicit command to specify the target VM of the LB NAT rule.

    Create the NAT rule and, to check the target VM, make use of the commands below using the CLI.

    #Create an inbound NAT rule.
    az network lb inbound-nat-rule create -g MyResourceGroup --lb-name MyLbName -n MyNatRuleName --protocol Tcp --frontend-port 5432 --backend-port 3389 --frontend-ip MyFrontendIpName --floating-ip true
    #Get the details of an inbound NAT rule.
    az network lb inbound-nat-rule show -g MyResourceGroup --lb-name MyLb -n MyNatRule
    

    Now, the target virtual machine's network interface is shown below; in this way you can identify the specific VM behind the load balancer:


    {
      "backendIPConfiguration": {
        "id": "/subscriptions/7195d375-7aXXXXXX/resourceGroups/test/providers/Microsoft.Network/networkInterfaces/vm2178/ipConfigurations/ipconfig1",
        "resourceGroup": "test"
      },
      "backendPort": 3389,
      "enableFloatingIP": true,
      "enableTcpReset": false,
      "etag": "W/\"b56ffe14-d650-4c2XXXXXXX\"",
      "frontendIPConfiguration": {
        "id": "/subscriptions/7195d375-7aXXXX/resourceGroups/test/providers/Microsoft.Network/loadBalancers/lb/frontendIPConfigurations/ip1",
        "resourceGroup": "test"
      },
    

    In portal:


    Reference:

    az network lb inbound-nat-rule | Microsoft Learn

  2. This functionality is possible in the CLI. You will need to create an inbound NAT rule and then do a PUT NIC call to reference the NAT rule from the VM (see the example below).

    Example:

    az network lb inbound-nat-rule create -g MyResourceGroup --lb-name MyLb -n MyNatRule --protocol Tcp --frontend-port 80 --backend-port 80
    

    This command will create an inbound NAT rule without any target VM or backend pool.

    Refer: https://learn.microsoft.com/en-us/cli/azure/network/lb/inbound-nat-rule?view=azure-cli-latest#az-network-lb-inbound-nat-rule-create

    az network nic ip-config inbound-nat-rule add -g MyResourceGroup --nic-name MyNic -n MyIpConfig --inbound-nat-rule MyNatRule --lb-name MyLB
    

    This command will add the above created inbound NAT rule to a target VM that you specify.

    Refer: https://learn.microsoft.com/en-us/cli/azure/network/nic/ip-config/inbound-nat-rule?view=azure-cli-latest#az-network-nic-ip-config-inbound-nat-rule-add

    The Manage inbound NAT rules for Azure Load Balancer document doesn’t seem to reflect this information. I will contact the doc author to update our docs to make this clearer.

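The two-step procedure from the answers above (create the rule without a target, then bind it to the VM's NIC ip-config) put together as one script, with a verification step that reads the rule back and confirms which NIC it now points at. This is an added example, not code from either answerer or from Microsoft's docs; the resource names (MyResourceGroup, MyLb, MyNatRule, MyNic, ipconfig1) and the ports are assumed placeholders, and the `az` calls only run when the script is invoked with `--apply` against a logged-in Azure CLI.

```shell
#!/usr/bin/env sh
# Added example: create an inbound NAT rule, attach it to a NIC ip-config,
# then verify the rule's backend target. Names below are assumed placeholders;
# override them through the environment.
RG="${RG:-MyResourceGroup}"
LB="${LB:-MyLb}"
NAT_RULE="${NAT_RULE:-MyNatRule}"
NIC="${NIC:-MyNic}"
IPCONFIG="${IPCONFIG:-ipconfig1}"
FRONTEND_PORT="${FRONTEND_PORT:-50001}"
BACKEND_PORT="${BACKEND_PORT:-22}"

# Pull the NIC name out of an ipConfigurations resource ID of the form
# /subscriptions/.../networkInterfaces/<nic>/ipConfigurations/<ipconfig>
# Prints nothing when the ID does not have that shape (e.g. rule has no target).
nic_from_ipconfig_id() {
    printf '%s\n' "$1" | sed -n 's|.*/networkInterfaces/\([^/]*\)/ipConfigurations/.*|\1|p'
}

# Step 1: create the rule (no backend target yet).
# Add --frontend-ip <name> if the load balancer has more than one frontend.
# Step 2: bind the rule to the VM's NIC ip-config, which is what sets the target VM.
create_and_attach() {
    az network lb inbound-nat-rule create \
        -g "$RG" --lb-name "$LB" -n "$NAT_RULE" \
        --protocol Tcp --frontend-port "$FRONTEND_PORT" --backend-port "$BACKEND_PORT" \
        --output none
    az network nic ip-config inbound-nat-rule add \
        -g "$RG" --nic-name "$NIC" -n "$IPCONFIG" \
        --inbound-nat-rule "$NAT_RULE" --lb-name "$LB" \
        --output none
}

# Step 3: read the rule back and check backendIPConfiguration.id names the NIC we expect.
verify_target() {
    target_id=$(az network lb inbound-nat-rule show \
        -g "$RG" --lb-name "$LB" -n "$NAT_RULE" \
        --query backendIPConfiguration.id -o tsv)
    actual=$(nic_from_ipconfig_id "$target_id")
    if [ "$actual" = "$NIC" ]; then
        echo "NAT rule $NAT_RULE targets NIC $NIC ($target_id)"
    else
        echo "NAT rule $NAT_RULE targets '${actual:-<none>}', expected '$NIC'" >&2
        return 1
    fi
}

if [ "${1:-}" = "--apply" ]; then
    create_and_attach
    verify_target
fi
```

Run it as `RG=... LB=... NIC=... sh nat-rule.sh --apply`. The verification step is the part worth keeping in any automation: an inbound NAT rule forwards a public frontend port straight to one NIC, so knowing exactly which VM ended up behind it (and that the NSG on that NIC or subnet still restricts the source ranges you intend) is the check to make before the change is considered done.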