0
votes

I'm trying to create an internal load balancer in Azure to manage the traffic. I have two VMs attached to the backend pool, assigned a private IP for the FE Load Balancer, and attached NATrule1 & 2 to each VM by following the Azure doc. My question is how port forwarding works in the NAT rules below:

azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule1 --protocol TCP --frontend-port 5432 --backend-port 3389

azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule2 --protocol TCP --frontend-port 5433 --backend-port 3389

The frontend has different port numbers and the backend has the same port number. When traffic comes in through the two frontend ports, how will the backend port decide which VM the traffic should be sent to? Shouldn't the port numbers be reversed, like this:

azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule1 --protocol TCP --frontend-port 3389 --backend-port 5432

azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule2 --protocol TCP --frontend-port 3389 --backend-port 5433

(I'm doing this through CLI 2.0) Any help will be greatly appreciated. Thanks.

1

1 Answer

0
votes
azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule1 --protocol TCP --frontend-port 5432 --backend-port 3389

azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule2 --protocol TCP --frontend-port 5433 --backend-port 3389

We should use this script to create NAT rules.

We can't use the same ports for one IP address to connect to different services.

Let's say we use the second script to create NAT rules; it will look like this:

192.168.1.4:3389--------->10.0.0.4:5432
192.168.1.4:3389--------->10.0.0.4:5433

The outside network traffic will be confused, so we can't use the second script to create NAT rules. The RDP service listens on port 3389 by default.

If we use script 1 to create NAT rules, it will look like this:

192.168.1.4:5432--------->10.0.0.4:3389
192.168.1.4:5433--------->10.0.0.4:3389

In this way, when we try to access 192.168.1.4:5432, NAT will forward traffic to 10.0.0.4:3389. If we try to access 192.168.1.4:5433, NAT will forward traffic to 10.0.0.4:3389.
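
Added example (not part of the original question or answer): a small Python check that parses the two scripts from this page, builds the forwarding table keyed by what a client actually dials (load balancer, protocol, frontend port), and reports colliding frontend ports and which frontend ports expose RDP. The per-rule VM addresses in RULE_TARGET are constructed assumptions, since the question only says each rule is attached to one VM.

```python
import shlex
from collections import defaultdict

# Commands as they appear on this page: script 1, then the reversed script 2.
SCRIPT_1 = [
    "azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule1 --protocol TCP --frontend-port 5432 --backend-port 3389",
    "azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule2 --protocol TCP --frontend-port 5433 --backend-port 3389",
]
SCRIPT_2 = [
    "azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule1 --protocol TCP --frontend-port 3389 --backend-port 5432",
    "azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule2 --protocol TCP --frontend-port 3389 --backend-port 5433",
]
# Assumption (constructed): the VM private IP each rule is attached to.
RULE_TARGET = {"NATrule1": "10.0.0.4", "NATrule2": "10.0.0.5"}


def parse_rule(cmd):
    """Pull the --flag value pairs out of one 'inbound-nat-rule create' line."""
    tokens = shlex.split(cmd)
    opts = {t[2:]: v for t, v in zip(tokens, tokens[1:]) if t.startswith("--")}
    key = (opts["lb-name"], opts["protocol"].upper(), int(opts["frontend-port"]))
    return opts["name"], key, int(opts["backend-port"])


def build_table(cmds, targets):
    """Return (table, conflicts); a frontend key claimed by 2+ rules is a conflict."""
    claims = defaultdict(list)
    for name, key, backend_port in map(parse_rule, cmds):
        claims[key].append((name, backend_port))
    table, conflicts = {}, []
    for key, rules in claims.items():
        if len(rules) > 1:
            conflicts.append((key, [name for name, _ in rules]))
        else:
            name, backend_port = rules[0]
            table[key] = (targets[name], backend_port)
    return table, conflicts


def exposures(table, service_port=3389):
    """Frontend ports that reach a backend service port (RDP by default)."""
    return sorted(k[2] for k, dst in table.items() if dst[1] == service_port)


if __name__ == "__main__":
    for label, script in (("script 1", SCRIPT_1), ("script 2", SCRIPT_2)):
        table, conflicts = build_table(script, RULE_TARGET)
        print(label, "table:", table, "conflicts:", conflicts)
        print(label, "frontend ports exposing RDP:", exposures(table))
```

The frontend port is the only thing that distinguishes the two connections at the load balancer's address, so the list returned by exposures() is also the set of ports to cover in access rules when RDP sits behind non-default frontend ports.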