1125124, 737 PM “Tutorial Create a multiple vitual machine inoound NAT rule - Azure portal Azure Load Balancer | Microsoft Learn Tutorial: Create a multiple virtual machine inbound NAT rule using the Azure portal Article + 09/27/2023 Inbound NAT rules allow you to connect to virtual machines (VMs) in an Azure virtual network by using an Azure Load Balancer public IP address and port number. For more information about Azure Load Balancer rules, see Manage rules for Azure Load. Balancer using the Azure portal In this tutorial, you learn how to: VY Create a virtual network and virtual machines VY Create a standard SKU public load balancer with frontend IP, health probe, backend configuration, and load-balancing rule Y Create a multiple VMs inbound NAT rule VY Create a NAT gateway for outbound internet access for the backend pool Install and configure a web server on the VMs to demonstrate the port forwarding and load-balancing rules Prerequisites * An Azure account with an active subscription. Create an account for free Create virtual network and virtual machines A virtual network and subnet is required for the resources in the tutorial. In this section, you create a virtual network and virtual machines for the later steps 1. Sign in to the Azure portal 2. In the search box at the top of the portal, enter Virtual machine, Select Virtual machines in the search results. 3. In Virtual machines, select + Create > + Virtual machine. nttps:leam mierosot.comlon-usfazurelload-balancertutora-natrule-mult-snstance-pertal a31125124, 737 PM Tutorial Cre ‘multiple virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Micrsft Learn 4. In Create a virtual machine, enter or select the following values in the Basics tab: Setting Project details Subscription Resource group Instance details Virtual machine name Region Availability options Availability zone Security type Image Azure Spot instance Size Administrator account Authentication type Username. SSH public key source Key pair name Inbound port rules Public inbound ports <2 Expand table Value Select your subscription. Select Create new. Enter TutorialLBPF-rg, Select OK. Enter myVM1. Enter (US) West US 2. Select Availability zone. Enter 1. Select Standard. Select Ubuntu Server 20.04 LTS - Gen2. Leave the default of unchecked, Select a VM size. Select SSH public key. Enter azureuser. Select Generate new key pair. Enter myKey. Select None. 5, Select the Networking tab, or select Next: Disks, then Next: Networking, 6. In the Networking tab, enter or select the following information, nttps:leam mierosof.comlon-usfazureload-balancertutora-natrule-mult-snstance-perta ain1125124, 737 PM ‘multiple virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Micrsft Learn (2 Expand table Setting Value Network interface Virtual network Select Create new. Enter myVNet in Name In Address space, under Address range, enter 10.1.0.0/16. In Subnets, under Subnet name, enter myBackendSubnet In Address range, enter 10.1.0.0/24. Select OK, Subnet Select myBackendSubnet. Public IP Select None NIC network security group Select Advanced Configure network security group Select Create new. Enter myNSG in Name. Select + Add an inbound rule under Inbound rules. In Service, select HTTP. Enter 100 in Priority. Enter myNSGRule for Name. Select Add. Select OK, 7. Select the Review + create tab, or select the Review + create button at the bottom of the page. 8. Select Create. 9, At the Generate new key pair prompt, select Download private key and create resource. Your key file is downloaded as myKey.pem. Ensure you know where the pem file was downloaded, you need the path to the key file in later steps. 10. Follow the steps 1 through 8 to create another VM with the following values and all the other settings the same as myVM1: © Expand table Setting vm 2 Basics nttps:leam mierosot.comlon-usfazurelload-balancertutora-natrule-mult-snstance-pertal 331125124, 737 PM Tutorial Cre ‘multiple virtual machine inbound NAT rule ~ Azure portal - Azure Load Balancer | Microsoft Learn Setting vm2 Instance details Virtual machine name myvM2 Availability zone 2 Administrator account Authentication type SSH public key SSH public key source Select Use existing key stored in Azure. Stored Keys Select myKey. Inbound port rules Public inbound ports Select None. Networking Network interface Public IP Select None. NIC network security group Select Advanced Configure network security group Select the existing myNSG Create a load balancer You create a load balancer in this section. The frontend IP, backend pool, load-balancing, and inbound NAT rules are configured as part of the creation. 1. In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results. 2. In the Load balancer page, select Create. 3. In the Basics tab of the Create load balancer page, enter, or select the following information: 2. Expand table nttps:leam mierosof.comlon-usfazureload-balancertutora-natrule-mult-snstance-perta ans1125124, 737 PM “Tutorial Create a multiple vitual machine inoound NAT rule - Azure portal Azure Load Balancer | Microsoft Learn Setting Value Project details Subscription Select your subscription. Resource group Select TutorialLBPF-rg. Instance details Name Enter myLoadBalancer Region Select West US 2. sku Leave the default Standard. Type Select Public. Tier Leave the default Regional. 4, Select Next: Frontend IP configuration at the bottom of the page. 5. In Frontend IP configuration, select + Add a frontend IP. 6. Enter myFrontend in Name. 7. Select IPv4 or IPv6 for the IP version. © Note IPv6 isn't currently supported with Routing Preference or Cross-region load- balancing (Global Tien). 8, Select IP address for the IP type. © Note For more information on IP prefixes, see Azure Public IP address prefix. 9, Select Create new in Public IP address. 10. In Add a public IP address, enter myPubliclP for Name. 11, Select Zone-redundant in Availability zone. nttps:leam mierosot.comlon-usfazurelload-balancertutora-natrule-mult-snstance-pertal 5131125124, 737 PM “Tutorial Create a multiple vitual machine inoound NAT rule - Azure portal Azure Load Balancer | Microsoft Learn © Note In regions with Availability Zones, you have the option to select no-zone (default option), a specific zone, or zone-redundant. The choice will depend on your specific domain failure requirements. In regions without Availability Zones, this field won't appear. For more information on availability zones, see Availability zones overview. 12. Leave the default of Microsoft Network for Routing preference. 13. Select OK. 14, Select Add. 15. Select Next: Backend pools at the bottom of the page. 16. In the Backend pools tab, select + Add a backend pool. 17. Enter or select the following inform: ion in Add backend pool <2 Expand table Setting Value Name Enter myBackendPool Virtual network Select myVNet (TutorialL BPF-rg). Backend Poo! Configuration Select NIC. IP version Select IPv4, 18, Select + Add in Virtual machines. 19. Select the checkboxes next to myVM1 and myVM2 in Add virtual machines to backend pool. 20. Select Add. 21, Select Add. 22, Select the Next: Inbound rules button at the bottom of the page. nttps:leam mierosof.comlon-usfazureload-balancertutora-natrule-mult-snstance-perta 631125124, 737 PM Tutorial Cre ‘multiple virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Micrsft Learn 23. In Load balancing rule in the Inbound rules tab, select + Add a load balancing rule. 24. In Add load balancing rule, enter or select the following information. Setting Name IP Version Frontend IP address Backend pool Protocol Port Backend port Health probe Session persistence Idle timeout (minutes) TCP reset Floating IP ‘Outbound source network address translation (SNAT) <2 Expand table Value Enter myHTTPRule Select IPv4 or IPV6 depending on your requirements. Select myFrontend. Select myBackendPoo! Select TCP, Enter 80. Enter 80. Select Create new. In Name, enter myHealthProbe. Select TCP in Protocol. Leave the rest of the defaults, and select OK. Select None. Enter or select 15. Select Enabled. Select Disabled, Leave the default of (Recommended) Use outbound rules to provide backend pool members access to the internet. For more information about load-balancing rules, see Load-balancing rules. 25. Select Add. 26. Select the blue Review + create button at the bottom of the page. 27. Select Create. nttps:leam mierosof.comlon-usfazureload-balancertutora-natrule-mult-snstance-perta 731125124, 737 PM Tutorial Cre ‘multiple virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Micrsft Learn Create a multiple VMs inbound NAT rule In this section, you create a multiple instance inbound NAT rule to the backend pool of the load balancer. 1. In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results. 2. Select myLoadBalancer. 3. In myLoadBalancer, select Inbound NAT rules in settings. 4, Select + Add in Inbound NAT rules. 5. Enter or select the following information in Add inbound NAT rule. © Expand table Setting Value Name Enter myNATRule-SSH. Type Select Backend pool Target backend pool Select myBackendPoo! Frontend IP address Select myFrontend. Frontend port range start Enter 221. Maximum number of machines in backend poo! Enter 500, Backend port Enter 22 Protocol Select TCP, 6. Leave the rest at the default and select Add. © Note To view the port mappings to the backend pool virtual machines, see View port mappings. nttps:leam mierosof.comlon-usfazureload-balancertutora-natrule-mult-snstance-perta ans1125124, 737 PM “Tutorial Create a multiple vitual machine inoound NAT rule - Azure portal Azure Load Balancer | Microsoft Learn Create a NAT gateway In this section, you create a NAT gateway for outbound internet access for resources in the virtual network. For more information about outbound connections and Azure Virtual Network NAT, see Using Source Network Address Translation (SNAT) for outbound connections and What is Virtual Network NAT?. 1. In the search box at the top of the portal, enter NAT gateway. Select NAT gateways in the search results. 2. In NAT gateways, select + Create. 3. In Create network address translation (NAT) gateway, enter or select the following information: © Expand table Setting Value Project details Subscription Select your subscription, Resource group Select TutorialLBPF-rg. Instance details NAT gateway name Enter myNATgateway. Region Select West US 2 Availability zone Select None. Idle timeout (minutes) Enter 15 4, Select the Outbound IP tab or select the Next: Outbound IP button at the bottom of the page. 5. In Outbound IP, select Create a new public IP address next to Public IP addresses. 6. Enter myNATGatewaylP in Name in Add a public IP address. 7. Select OK. nttps:leam mierosot.comlon-usfazurelload-balancertutora-natrule-mult-snstance-pertal ons1125124, 737 PM “Tutorial Create a multiple vitual machine inoound NAT rule - Azure portal Azure Load Balancer | Microsoft Learn 8. Select the Subnet tab or select the Next: Subnet button at the bottom of the page. 9. In Virtual network in the Subnet tab, select myVNet. 10, Select myBackendSubnet under Subnet name. 11, Select the blue Review + create button at the bottom of the page, or select the Review + create tab. 12, Select Create. Install web server In this section, you'll SSH to the virtual machines through the inbound NAT rules and install a web server. 1. In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results. 2. Select myLoadBalancer. 3, Select Fronted IP configuration in Settings. 4. In the Frontend IP configuration, make note of the IP address for myFrontend. In this example, it's 20.99.165.176. f= MyLoadBalancer | Frontend IP configuration x D Seah ch Aad © Rees civ © oven Ht Acivtyog P Tite ove F Aces contr a4 malin adress Ts Fla count 7 dw teal 9065.76 7 7 B iagnore and she rolems 5. If you're using a Mac or Linux computer, open a Bash prompt. If you're using a Windows computer, open a PowerShell prompt. 6. At your prompt, open an SSH connection to myVM1. Replace the IP address with the address you retrieved in the previous step and port 221 you used for the myVM1 nttps:leam mierosof.comlon-usfazureload-balancertutora-natrule-mult-snstance-perta 10113112504, 737 Pm “eos: Crate a able vitual machine ound NAT rua - Azure portal - Azure Lod Balance” Microsoft Learn inbound NAT rule, Replace the path to the .pem with the path to where the key file was downloaded. Console ssh -i .\Downloads\myKey.pem azureuser@2@.99.165.176 -p 221 Q Tip The SSH key you created can be used the next time your create a VM in Azure Just select the Use a key stored in Azure for SSH public key source the next time you create a VM. You already have the private key on your computer, so you won't need to download anything. 7. From your SSH se NGINX package. n, update your package sources and then install the latest Bash sudo apt-get -y update sudo apt-get -y install nginx 8. Enter exit to leave the SSH session 9, At your prompt, open an SSH connection to myVM2. Replace the IP address with the address you retrieved in the previous step and port 222 you used for the myVM2 inbound NAT rule. Replace the path to the .pem with the path to where the key file was downloaded. Console ssh -4 .\Downloads\myKey.pem azureuser@2@.99.165.176 -p 222 10. From your SSH session, update your package sources and then install the latest NGINX package. Bash sudo apt-get -y update nttps:leam mierosot.comlon-usfazureload-balancertutora-natrule-mult-nstance-perta ss1125124, 737 PM “Tutorial Create a multiple vitual machine inoound NAT rule - Azure portal Azure Load Balancer | Microsoft Learn sudo apt-get -y install nginx 11. Enter Exit to leave the SSH session. Test the web server You open your web browser in this section and enter the IP address for the load balancer you retrieved in the previous step. 1, Open your web browser. 2. In the address bar, enter the IP address for the load balancer. In this example, it's 20.99.165.176, 3. The default NGINX website is displayed. TaN) Dy Wane ona x |+ < G | A Wotsecwe | 2099:65:176 ® Git @ . Welcome to nginx! If you see this page, the nginx web server is successfully installed and working. Further configuration is required. For online documentation and support please refer to nginx.or9. Commercial support is available at nginx.com. Thank you for using nginx. Clean up resources If you're not going to continue to use this application, delete the virtual machines and load balancer with the following steps: 1. In the search box at the top of the portal, enter Resource group. Select Resource groups in the search results. 2, Select TutorialLBPF-rg in Resource groups. 3. Select Delete resource group. nttps:leam mierosot.comlon-usfazurelload-balancertutora-natrule-mult-snstance-pertal 1291125124, 737 PM Tutorial: Cre ‘multiple virtual machine inbound NAT rule - Azure portal - Azure Load Balancer | Micrsft Learn 4, Enter TutorialLBPF-rg in TYPE THE RESOURCE GROUP NAME:. Select Delete. Next steps Advance to the next article to learn how to create a cross-region load balancer: nttps:leam mierosot.comlon-usfazurelload-balancertutora-natrule-mult-snstance-pertal 1913