Azure VM endpoint: mapping public port to a different local port

Question

I was wondering if it is possible to map a public ip port (e.g. port 80) to a different local/private ip port (e.g. port 81) on a Azure iaas VM. I believe this was doable in the old portal and it is doable via Add-AzureEndpoint (does the Add-AzureEndpoint add the endpoint to the network security group for the VM?) but is it feasible via the new azure portal?

Answer 1

There's a portproxy built into netsh that can do that for you without additional infrastructure: https://technet.microsoft.com/en-us/library/cc731068(v=ws.10).aspx#BKMK_1

netsh interface portproxy add v4tov4 listenport=81 connectport=80 connectaddress=127.0.0.1

If your VM runs Linux just use iptables.

iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 81

(i'm just winging the syntax for both commands here, don't copy paste but go through the documentation instead.)

Answer 2

If you need to use port-forwarding to map a unique external port to an internal port on your VM, use a load balancer and Network Address Translation (NAT) rules. For example, you may want to expose TCP port 8080 externally and have traffic directed to TCP port 80 on a VM. You can learn about creating an Internet-facing load balancer.

Reference:
https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-get-started-internet-arm-ps
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal
https://feedback.azure.com/forums/281804-azure-resource-manager/suggestions/13069704-allow-basic-port-forwarding-in-network-security-gr