0

In an Azure RM load balancer I can create a NAT rule for FTP using PowerShell, but would also like to set the target virtual machine using PowerShell. The only way I know how to set the target is in the portal.

I have two VMs in the load balancer. I tried using Add-AzLoadBalancerInboundNatRuleConfig, but don't see a parameter for the target VM.

My script:

$lb | Add-AzLoadBalancerInboundNatRuleConfig -Name $EndpointName -FrontendIPConfiguration $feip -Protocol "Tcp" -FrontendPort $i -BackendPort $i

If it's not possible to set the target in PowerShell, what alternatives are there besides the portal?


I found the answer. The key is to add the LoadBalancerInboundNatRuleId to the IP configuration.

Here's a function to get the LoadBalancerInboundNatRuleId that I created for this purpose:

Function natRuleID ($sourcePortName) {
return  "/subscriptions/$subscriptionID/resourceGroups/$rgName/providers/Microsoft.Network/loadBalancers/$lbName/InboundNatRules/$sourcePortName"
}

And here is my sample script that adds two load balancer NAT rules and then sets the target network interface for a virtual machine:

# Add Load Balancer Nat Rules:
$lb = Get-AzLoadBalancer -Name $lbName -ResourceGroupName $rgName
$feip = Get-AzLoadBalancerFrontendIpConfig -Name $feipName -LoadBalancer $lb
$lb | Add-AzLoadBalancerInboundNatRuleConfig -Name $natRuleRdpName -FrontendIpConfiguration $feip -Protocol tcp -FrontendPort $rdpPortNumber -BackendPort 3389
$lb | Add-AzLoadBalancerInboundNatRuleConfig -Name $natRuleFtpName -FrontendIPConfiguration $feip -Protocol "Tcp" -FrontendPort $ftpPublicPortForImplicit990  -BackendPort 990
$lb | Set-AzLoadBalancer  #save the new LB rules

# Set nat rule targets:
Function natRuleID ($sourcePortName) {
    # Build the full resource ID of the named inbound NAT rule
    return  "/subscriptions/$subscriptionID/resourceGroups/$rgName/providers/Microsoft.Network/loadBalancers/$lbName/InboundNatRules/$sourcePortName"
}
$rules = @()
$rules += natRuleID $natRuleFtpName
$rules += natRuleID $natRuleRdpName
$nic = Get-AzNetworkInterface -Name $nicName -ResourceGroupName $rgName
$nic | Set-AzNetworkInterfaceIpConfig -Name $ipConfigName  -LoadBalancerInboundNatRuleId $rules
$nic | Set-AzNetworkInterface #save the new ipConfig rules
Gary S
  • @CharlesXu Your answer wasn't responsive: the post stated the target can be set in the portal, and the question was: can the VM target be set using PowerShell. – Gary S Jun 02 '19 at 16:11
  • Did you read my answer carefully? I said you need the PowerShell command to add the NAT rule associated with the VM; also, in the portal, you can do it in only one step. – Charles Xu Jun 03 '19 at 01:08
  • @CharlesXu I don't see a parameter for a target VM in Add-AzNetworkInterfaceIpConfig. Do you have an example of how you would set the target in PowerShell? – Gary S Jun 06 '19 at 00:43
  • The interface is already associated with the VM. Why are you looking for a parameter for the VM? – Charles Xu Jun 06 '19 at 01:26
  • Regardless, my interface is already set up and associated with load balancer rules, so creating an interface is not an option. My post involves a NAT rule targeting a VM. – Gary S Jun 06 '19 at 01:33
  • You do not understand me. I mean the interface associated with the VM, not creating a new one, OK? All the network configuration for the VM means the configuration for the interface that is associated with the VM. – Charles Xu Jun 06 '19 at 01:37

3 Answers

2

For the Load Balancer NAT rules, it is described like this:

Standard Load Balancer backend pools expand to any virtual machine resource in a virtual network. It can contain up to 1000 backend instances. A backend instance is an IP configuration, which is a property of a NIC resource.

So there are two steps to create for the VM:

  1. Create the NAT rule in the load balancer; the PowerShell command is Add-AzLoadBalancerInboundNatRuleConfig, and the Azure CLI command is az network lb inbound-nat-rule create.
  2. Associate the NAT rule with the VM NIC; the PowerShell command is Add-AzNetworkInterfaceIpConfig, and the Azure CLI command is az network nic ip-config inbound-nat-rule add.

You can add the NAT rule in one step in the portal, but you need two steps when using commands. You also need to pay attention to the NSG rule, which is necessary to allow the traffic to the port.

Charles Xu
0

Gary, I understand the issue you are facing. I am also trying to configure the Target VM and Network IP Configuration (in case the VM is associated with two NICs) through PS. However, I am not able to do so, since the cmdlet "Add-AzLoadBalancerInboundNatRuleConfig" doesn't come with a Target VM parameter.

I was able to get the FrontendIPs and Inbound NAT Rules. However, setting the Target VM and NIC associated with those inbound NAT rules is a challenge.

"Add-AzLoadBalancerInboundNatRuleConfig" doesn't show the inbound NAT rule in the LB Settings section though.

The script below will help you get the existing Target VM name and NIC.

$lb = Get-AzLoadBalancer -ResourceGroupName $rgname -Name $lbname
$lbinboudnatrule = Get-AzLoadBalancerInboundNatRuleConfig -LoadBalancer $lb
foreach ($lbrule in $lbinboudnatrule) {
    # Split the backend IP configuration ID around the NIC segment
    $bip = $lbrule.BackendIPConfiguration.Id -split '/subscriptions/---------------/Microsoft.Network/networkInterfaces/'
    # Then split around the ipConfigurations segment
    $info = $bip -split '-----------/ipConfigurations/'
    $wrapper = New-Object PSObject -Property @{ NATRuleName = $lbrule.Name; TargetVirtualMachine = $info[1]; NetworkIPConfiguration = $info[2] }
    # Append one row per NAT rule to the CSV report
    $wrapper | Export-Csv -Path C:/Temp/lb.csv -Append -NoTypeInformation
}
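
A variant of this lookup that parses the backend IP configuration ID by its type/name segments, and also reports NAT rules that have no target yet. This is an added example, not part of the original answer; the function name Get-NatRuleTarget, the ReviewPorts parameter and the sample rules are constructed for illustration.

```powershell
# Added example: resolve each inbound NAT rule's target from its backend IP configuration ID.
function Get-NatRuleTarget {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Rule,
        [int[]] $ReviewPorts = @(3389, 990)   # backend ports used on this page (RDP, implicit FTPS)
    )
    process {
        $target = @{}                          # PowerShell hashtable keys are case-insensitive
        $id = $Rule.BackendIPConfiguration.Id  # $null when the rule is not associated with a NIC
        if ($id) {
            # A resource ID is a '/'-separated list of type/name pairs.
            $seg = @($id.Trim('/') -split '/')
            for ($i = 0; $i + 1 -lt $seg.Count; $i += 2) {
                $target[$seg[$i]] = $seg[$i + 1]
            }
        }
        [pscustomobject]@{
            NATRuleName     = $Rule.Name
            FrontendPort    = $Rule.FrontendPort
            BackendPort     = $Rule.BackendPort
            TargetNic       = $target['networkInterfaces']
            IpConfiguration = $target['ipConfigurations']
            HasTarget       = [bool]$id
            ReviewPort      = $Rule.BackendPort -in $ReviewPorts
        }
    }
}

# Constructed sample rules shaped like Get-AzLoadBalancerInboundNatRuleConfig output.
$nicId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo' +
         '/providers/Microsoft.Network/networkInterfaces/vm1-nic/ipConfigurations/ipconfig1'
$sampleRules = @(
    [pscustomobject]@{ Name = 'rdp-vm1'; FrontendPort = 50001; BackendPort = 3389
                       BackendIPConfiguration = [pscustomobject]@{ Id = $nicId } }
    # Rule added to the load balancer but never associated with a NIC:
    [pscustomobject]@{ Name = 'ftp-vm1'; FrontendPort = 990; BackendPort = 990
                       BackendIPConfiguration = $null }
)
$sampleRules | Get-NatRuleTarget | Format-Table -AutoSize

# Against a live load balancer (requires the Az module and a signed-in session):
# Get-AzLoadBalancerInboundNatRuleConfig -LoadBalancer $lb | Get-NatRuleTarget
```

Rows with HasTarget set to False are rules that exist on the load balancer but are not yet associated with any NIC; rows with ReviewPort set to True are the ones whose NSG source restriction is worth checking.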

-2

You need to set it up on the NSG. Below is a sample snippet from a script I created to do something similar for the RDP port.

Add-AzureRmNetworkSecurityRuleConfig -Name $ruleName -NetworkSecurityGroup $nsg -Access Allow -Description "Allowing RDP connection from current location" -DestinationAddressPrefix * -DestinationPortRange $port -Direction Inbound -Priority $priorityNew -Protocol * -SourceAddressPrefix $current_IP -SourcePortRange *
$hout = Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
Hannel