1125124, 737 PM “Tutoriat Crest a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Leam Tutorial: Create a single virtual machine inbound NAT rule using the Azure portal Article + 10/24/2023 Inbound NAT rules allow you to connect to virtual machines (VMs) in an Azure virtual network by using an Azure Load Balancer public IP address and port number. For more information about Azure Load Balancer rules, see Manage rules for Azure Load Balancer using the Azure portal In this tutorial, you learn how to: Create a virtual network and virtual machines Create a standard SKU public load balancer with frontend IP, health probe, backend configuration, load-balancing rule, and inbound NAT rules Y Create a NAT gateway for outbound internet access for the backend pool V Install and configure a web server on the VMs to demonstrate the port forwarding and load-balancing rules Resource Group (9) sTP80 Network Secuty T Group NO Lead tamer —ssuazt 2——- mn vonns ||) ™ toad atncer = sstaz2 2— +1 we mane a reso Backend Po! om |. ee {p+ oai NAT Gateway Pube me © Backend Subnet <>) Virtual Network Prerequisites nitps:leam mierosof.comlen-ustazurelload-balancertutoria-4oas-balancer-porforwarcing- portal a31125124, 737 PM “Tori Crest a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear * An Azure account with an active subscription. Create an account for free Sign in to Azure Sign in to the Azure portal Create virtual network and virtual machines A virtual network and subnet is required for the resources in the tutorial. In this section, you create a virtual network and virtual machines for the later steps. 1. In the search box at the top of the portal, enter Virtual machine. Select Virtual machines in the search results. 2. In Virtual machines, select + Create > + Virtual machine. 3. In Create a virtual machine, enter or select the following values in the Basics tab: © Expand table Setting Value Project details Subscription Select your subscription, Resource group Select Create new. Enter load-balancer-rg. Select OK, Instance details Virtual machine name Enter lb-vin1 Region Select ((US) East US). Availability options Select Availability zone. Availability zone Select Zone 1. Security type Select Standard Image Select Ubuntu Server 20.04 LTS - Gen2. nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwaring- portal ain1125124, 737 PM “Tutoria Create a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear Setting Azure Spot instance Size Administrator account Authentication type Username. SSH public key source key pair name Inbound port rules Public inbound ports 4, Select the Networking tab, or select Next: Disks, then Next: Networl Value Leave the default of unchecked. Select a VM size. Select SSH pul Enter azureuser. Select Generate new key pair. Enter b-key-pair. Select None. 5. In the Networking tab, enter or select the following information. Setting Network interface Virtual network Subnet Public IP NIC network security group Configure network security group (2. Expand table Value Select Create new. Enter b-vnet in Name In Address space, under Address range, enter 10.0.0.0/16. In Subnets, under Subnet name, enter backend-subnet. In Address range, enter 10.0.1.0/24. Select OK, Select backend-subnet. Select None. Select Advanced, Select Create new. Enter (b-NSG in Name. Select + Add an inbound rule under Inbound rules. In Service, select HTTP. Enter 100 in Priority. nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toad-balancer-por forwarding: portal 331125124, 737 PM “Tutorial Create a single tual machine inbound NAT rue ~ Azure potal- Azure Loed Balancer | Microsoft Leam Setting Value Enter (b-NSG-Rule for Name. Select Add Select OK. 6. Select the Review + create tab, or select the Review + create button at the bottom of the page. 7. Select Create. 8. At the Generate new key pair prompt, select Download private key and create resource. Your key file is downloaded as Ib-key-pair.pem. Ensure you know where the pem file was downloaded, you'll need the path to the key file in later steps. 9, Follow the steps 1 through 7 to create another VM with the following values and all the other settings the same as Ib-vmt: 2 Expand table Setting Value Basics Instance details Virtual machine name Enter lb-vm2 Availability zone Select Zone 2 ‘Administrator account Authentication type Select SSH public key SSH public key source Select Use existing key stored in Azure. Stored Keys Select Ib-key-pair. Inbound port rules Public inbound ports Select None. Networking Network interface Public IP Select None. nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwardng- portal ans1125124, 737 PM “Tutoria Create a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear Setting Value NIC network security group Select Advanced Configure network security group Select the existing Ib-NSG Create a load balancer You create a load balancer in this section. The frontend IP, backend pool, load-balancing, and inbound NAT rules are configured as part of the creation. 1. In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results. 2. In the Load balancer page, select Create. 3. In the Basics tab of the Create load balancer page, enter, or select the following information: © Expand table Setting Value Project details Subscription Select your subscription, Resource group Select load-balancer-rg. Instance details Name Enter load-balancer Region Select East US. sku Leave the default Standard, Type Select Public. Tier Leave the default Regional. 4, Select Next: Frontend IP configuration at the bottom of the page. 5. In Frontend IP configuration, select + Add a frontend IP configuration nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwardng- portal 5131125124, 737 PM “Tori Crest a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear 6. Enter (b-frontend in Name. 7. Select IPv4 or IPv6 for the IP version. © Note IPv6 isn't currently supported with Routing Preference or Cross-region load- balancing (Global Tier) 8, Select IP address for the IP type. © Note For more information on IP prefixes, see Azure Public IP address prefix. 9, Select Create new in Public IP address. 10. In Add a public IP address, enter /b-frontend-ip for Name. 11, Select Zone-redundant in Availability zone. © Note In regions with Availability Zones, you have the option to select no-zone (default option), a specific zone, or zone-redundant. The choice will depend on your specific domain failure requirements. In regions without Availability Zones, this field won't appear. For more information on availability zones, see Availability zones overview. 12. Leave the default of Microsoft Network for Routing preference. 13. Select OK. 14, Select Add 15, Select Next: Backend pools at the bottom of the page. 16. In the Backend pools tab, select + Add a backend pool. 17. Enter or select the following information in Add backend pool nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwaring- portal 631125124, 737 PM “Tori Crest a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear Setting Name Virtual network Backend Pool Configuration (2D Expand table Value Enter lb-backend-pool. Select Ib-vnet (load-balancer-rg). Select NIC. 18, Select + Add in Virtual machines. 19. Select the checkboxes next to Ib-vmt and Ib-vm2 in Add virtual machines to backend pool 20. Select Add and then select Save. 21, Select the Next: Inbound rules button at the bottom of the page. 22. In Load balancing rule in the Inbound rules tab, select + Add a load balancing rule. 23. In Add load balancing rule, enter or select the following information. Setting Name IP Version Frontend IP address Backend pool Protocol Port Backend port Health probe Session persistence 2. Expand table Value Enter lb-HTTP-rule Select IPv4 or IPV6 depending on your requirements. Select Ib-frontend (To be created). Select Ib-backend-pool Select TCP. Enter 80. Enter 80. Select Create new. In Name, enter lb-health-probe. Select TCP in Protocol. Leave the rest of the defaults, and select Save. Select None. nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwardng- portal 731125124, 737 PM Setting Idle timeout (minutes) Enable TCP reset Enable Floating IP ‘Outbound source network address translation (SNAT) “Tutoria Create a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear Value Enter or select 15. Select checkbox to enable. Leave the default of unchecked. Leave the default of (Recommended) Use outbound rules to provide backend pool members access to the internet. For more information about load-balancing rules, see Load-balancing rules. 24, Select Save. 25. In Inbound NAT rule in the Inbound rules tab, select + Add an inbound nat rule. 26. In Add inbound NAT rule, enter or select the following information. Setting Name Target virtual machine Network IP configuration Frontend IP address Frontend Port Service Tag Backend port Protocol Enable TCP Reset Idle timeout (minutes) Enable Floating IP 27. Select Add. 2 Expand table Value Enter lb-NAT-rule-VM1-221 Select Ib-vmt. Select ipconfigt (10.0.0.4) Select Ib-frontend (To be created) Enter 221. Select Custom. Enter 22. Leave the default of TCP. Leave the default of unchecked. Leave the default 4. Leave the default of unchecked. nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwaring- portal1125124, 737 PM “Tori Crest a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear 28, Select + Add an inbound nat rule. 29. In Add inbound NAT rule, enter or select the following information Setting Name Target virtual machine Network IP configuration Frontend IP address Frontend Port Service Tag Backend port Protocol Enable TCP Reset Idle timeout (minutes) Enable Floating IP 30. Select Add. <2 Expand table Value Enter [b-NAT-rule-VM2-222. Select tb-vm2 Select ipconfigt (10.0.0.5) Select Ib-frontend Enter 222. Select Custom. Enter 22. Leave the default of TCP. Leave the default of unchecked. Leave the default 4. Leave the default of unchecked 31, Select the blue Review + create button at the bottom of the page. 32, Select Create. Create a NAT gateway In this section, you create a NAT gateway for outbound internet access for resources in the virtual network. For more information about outbound connections and Azure Virtual Network NAT, see Using Source Network Address Translation (SNAT) for outbound connections and What is Virtual Network NAT?, nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwardng- portal ons1125124, 737 PM “Tori Crest a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear 1, In the search box at the top of the portal, enter NAT gateway. Select NAT gateways in the search results. 2. In NAT gateways, select + Create. 3. In Create network address translation (NAT) gateway, enter or select the following information: (2 Expand table Setting Value Project details Subscription Select your subscription. Resource group Select load-balancer-rg. Instance details NAT gateway name Enter b-nat-gateway. Region Select East US. Availability zone Select None. Idle timeout (minutes) Enter 15. 4, Select the Outbound IP tab or select the Next: Outbound IP button at the bottom of the page. 5. In Outbound IP, select Create a new public IP address next to Public IP addresses. 6. Enter nat-gw-public-ip in Name in Add a public IP address. 7. Select OK. 8, Select the Subnet tab or select the Next: Subnet button at the bottom of the page. 9, In Virtual network in the Subnet tab, select Ib-vnet. 10. Select backend-subnet under Subnet name. 11, Select the blue Review + create button at the bottom of the page, or select the Review + create tab. nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwardng- portal 101131125124, 737 PM “Tori Crest a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear 12, Select Create. Install web server In this section, you'll SSH to the virtual machines through the inbound NAT rules and install a web server. 1. In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results. 2, Select load-balancer. 3, Select Fronted IP configuration in Settings. 4. In the Frontend IP configuration, make note of the IP address for Ib-frontend. In this example, it's 20.99.165.176. f= MyLoadBalancer | Frontend IP configuration x Aad © Rees civ 2 a 5. If you're using a Mac or Linux computer, open a Bash prompt. If you're using a Windows computer, open a PowerShell prompt. 6. At your prompt, open an SSH connection to Ib-vm1. Replace the IP address with the address you retrieved in the previous step and port 221 you used for the Ib-vm1 inbound NAT rule. Replace the path to the .pem with the path to where the key file was downloaded, Console ssh -i .\Downloads\1b-key-pair.pen azureuser@20.99.165.176 -p 221 nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwardng- portal ss112524, 7:97 Pa “utr Crate a single itu machine inbound NAT ula - Azure poral Azure Load Balancer | Mcosof Loam Q Tip The SSH key you created can be used the next time your create a VM in Azure. Just select the Use a key stored in Azure for SSH public key source the next time you create a VM. You already have the private key on your computer, so you won't need to download anything 7. From your SSH session, update your package sources and then install the latest NGINX package. Bash sudo apt-get -y update sudo apt-get -y install nginx 8. Enter exit to leave the SSH session 9, At your prompt, open an SSH connection to Ib-vm2. Replace the IP address with the address you retrieved in the previous step and port 222 you used for the Ib-vm2 inbound NAT rule. Replace the path to the pem with the path to where the key file was downloaded Console ssh -i .\Downloads\lb-key-pair.pem azureuser@20.99.165.176 -p 222 10. From your SSH session, update your package sources and then install the latest NGINX package. Bash sudo apt-get -y update sudo apt-get -y install nginx 11, Enter exit to leave the SSH session. Test the web server In this section you test the web server by using the public IP address for the load balancer. nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwardng- portal 1291125124, 737 PM “Tori Crest a single virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Microsoft Lear 1. Open your web browser 2. In the address bar, enter the IP address for the load balancer. In this example, it's 20,99.165.176, 3. The default NGINX website is displayed. DD) Wekeame tenant x|+ < GM Notsecure | 20.99:165.176 3|/ Git & oa Welcome to nginx! If you see this page, the nginx web server is successfully installed and working. Further configuration is required. For online documentation and support please refer to nainx.or9. Commercial support is available at nginx.com. Thank you for using nginx. Clean up resources If you're not going to continue to use this application, delete the virtual machines and load balancer with the following steps: 1. In the search box at the top of the portal, enter Resource group. Select Resource groups in the search results. 2, Select load-balancer-rg in Resource groups. 3, Select Delete resource group. 4, Enter load-balancer-rg in TYPE THE RESOURCE GROUP NAME.. Select Delete. Next steps Advance to the next article to learn how to create a cross-region load balancer: nitps:leam mierosof.comlen-ustazurelload-balancertutoria-toas-balancer-porforwardng- portal 1913