Azure Load Balancer Inbound NAT rule targeting VM

PetroKolosov
August 8, 2023
269 views
1 vote
2 Answers

In Azure portal LB inbound NAT rule is created via the following form, where I see a property for target VM and port

Is there a way to specify LB NAT rule target VM via Azure CLI or Terraform?

In Terraform, I see there only an approach to create rule and attach it to the network interface of VM via separate resource, but it does not feet my case and more over as I tested it haven’t worked out

So is there a way to perform exactly an action in Terraform or Azure CLI to create NAT rule as we do via Azure Portal UI?

Tags: azure azure-load-balancer

Answers

- Imran
- August 4, 2023 at 8:01 pm
- 0 votes
0
Created load balancer and added two virtual machines in backend pool:

You could identify the target VM using Network interfaces. There is no explicit comment to specify the target VM of the LB NAT rule.

Created NAT rule and to check the target vm make use of below command using CLI.
```
#Create an inbound NAT rule.
az network lb inbound-nat-rule create -g MyResourceGroup --lb-name MyLbName -n MyNatRuleName --protocol Tcp --frontend-port 5432 --backend-port 3389 --frontend-ip MyFrontendIpName --floating-ip true
#Get the details of an inbound NAT rule.
az network lb inbound-nat-rule show -g MyResourceGroup --lb-name MyLb -n MyNatRule
```
Now, target virtual machine of network interface as shown below in this way you can identify specific vm of load balancer:
```
{
  "backendIPConfiguration": {
    "id": "/subscriptions/7195d375-7aXXXXXX/resourceGroups/test/providers/Microsoft.Network/networkInterfaces/vm2178/ipConfigurations/ipconfig1",
    "resourceGroup": "test"
  },
  "backendPort": 3389,
  "enableFloatingIP": true,
  "enableTcpReset": false,
  "etag": "W/"b56ffe14-d650-4c2XXXXXXX"","frontendIPConfiguration": {
    "id": "/subscriptions/7195d375-7aXXXX/resourceGroups/test/providers/Microsoft.Network/loadBalancers/lb/frontendIPConfigurations/ip1",
    "resourceGroup": "test"
  },"
```
In portal:

Reference:

az network lb inbound-nat-rule | Microsoft Learn
Login or Signup to reply.

- GitaraniSharma
- August 8, 2023 at 7:10 am
- 0 votes
0
This functionality is possible in CLI. You will need to create an inbound NAT rule and then do a PUT NIC call to reference the nat rule to the VM (see example below).

Example:
```
az network lb inbound-nat-rule create -g MyResourceGroup --lb-name MyLb -n MyNatRule --protocol Tcp --frontend-port 80 --backend-port 80
```
This command will create an inbound NAT rule without any target VM or backend pool.

Refer: https://learn.microsoft.com/en-us/cli/azure/network/lb/inbound-nat-rule?view=azure-cli-latest#az-network-lb-inbound-nat-rule-create
```
az network nic ip-config inbound-nat-rule add -g MyResourceGroup --nic-name MyNic -n MyIpConfig --inbound-nat-rule MyNatRule  --lb-name MyLB
```
This command will add the above created inbound NAT rule to a target VM that you specify.

Refer: https://learn.microsoft.com/en-us/cli/azure/network/nic/ip-config/inbound-nat-rule?view=azure-cli-latest#az-network-nic-ip-config-inbound-nat-rule-add

The Manage inbound NAT rules for Azure Load Balancer document doesn’t seem to reflect this information. I will contact the doc author to update our docs to make this clearer.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.