0
votes

The Load Balancer is configured to redirect TCP requests on front-end port 80 to back-end port 8080. That worked fine until I removed the "Allow-Port-8080" rule from the Network Security Groups attached to the pool VMs.

In my understanding, the Load Balancer is always allowed by default due to the AllowAzureLoadBalancerInBound security rule, which I did not touch. Isn't it?

Moreover, port 8080 on the pool VMs is reachable from hosts in the same virtual network, so there is no issue with a local firewall, which is not running on CentOS Azure hosts by default, BTW.

So to sum up - the question is why I should add an inbound security rule to let the Load Balancer redirect requests to a particular port.

1 Answer

1
votes

After considering the issue a bit more, I've realized that the AllowAzureLoadBalancerInBound security rule only applies to traffic originated by the Load Balancer - health probes, etc.

For all Load Balancer-redirected traffic, the general security rules apply, hence we should set up security rules accordingly.
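The behaviour described in this thread, as an added example that is not part of the original question or answer: a simplified model of NSG inbound evaluation using Azure's default rules, showing why probes and intra-VNet traffic pass while client traffic forwarded by the Load Balancer (which keeps the client's source IP) needs its own rule. The VNet range `10.0.0.0/16`, the client address `203.0.113.10`, the priority 100 and the `Internet` source on `Allow-Port-8080` are assumptions.

```python
import ipaddress

VNET = ipaddress.ip_network("10.0.0.0/16")         # assumed VNet address space
PROBE_IP = ipaddress.ip_address("168.63.129.16")   # source IP of Azure LB health probes

def tag_matches(tag, src):
    """Simplified resolution of the NSG source service tags used below."""
    if tag == "*":
        return True
    if tag == "VirtualNetwork":
        return src in VNET
    if tag == "AzureLoadBalancer":
        return src == PROBE_IP
    if tag == "Internet":
        return src not in VNET and src != PROBE_IP
    raise ValueError(f"unknown tag {tag}")

# (priority, name, source tag, destination port or "*", access)
DEFAULT_RULES = [
    (65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    (65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]
# The rule removed in the question; priority and source are assumed values.
ALLOW_8080 = (100, "Allow-Port-8080", "Internet", 8080, "Allow")

def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) of the first matching rule, lowest priority number first."""
    src = ipaddress.ip_address(src_ip)
    for _prio, name, tag, port, access in sorted(rules):
        if tag_matches(tag, src) and port in ("*", dst_port):
            return access, name
    return "Deny", "no match"

# Constructed packets as the VM's NSG sees them (destination is back-end port 8080).
PACKETS = {
    "health probe": "168.63.129.16",
    "host in same VNet": "10.0.1.5",
    "client via Load Balancer": "203.0.113.10",  # source IP is preserved by the LB
}

def compare():
    """Evaluate every sample packet without and with the Allow-Port-8080 rule."""
    return {label: (evaluate(DEFAULT_RULES, ip, 8080),
                    evaluate(DEFAULT_RULES + [ALLOW_8080], ip, 8080))
            for label, ip in PACKETS.items()}

if __name__ == "__main__":
    for label, (without, with_rule) in compare().items():
        print(f"{label:26} without: {without}  with: {with_rule}")
```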