Reputation: 4546
Azure load balancer with NAT rule hiding port for RDP
I have internet facing Azure load balancer with public static IP (call it PIP) and I added a NAT rule - forward TCP port 12345 to local (subnet's IP) 10.2.2.2:3389 (VM that doesn't have public IP). And I'm trying to set NSG for subnet and VM's NIC.
subnet's NSG rules (all TCP):
- 100: Source PIP:* => 10.2.2.2:3389 (from load balancer IP to VM's local IP)
- 120: Source Internet:12345 => 10.1.2.4:3389
VM's NSG rules:
- 100: PIP:* => 10.2.2.2:3389
and here's the problem: if I use Network Watcher's IP flow verify and set local IP to 10.2.2.2:3389, Remote IP:[PIP:12345] I get green light. Same with setting both ports (local and remote) to 3389. But when I'm trying to Remote Desktop to that VM from outside I get a connection error!
I have no idea why. The VM is up and running, all good here.
Upvotes: 0
Views: 1979
Answers (1)
Reputation: 13974
You should change your subnet NSG inbound rules like this:
120: Source Internet:12345 => 10.2.2.2:3389
You should allow public IP address (from outside) to access your Azure subnet.
Upvotes: 0
Related Questions
- Azure Load Balancer - cannot reach port unless it is open in Network Security Group
- Azure VMSS with application gateway and NAT rules
- Inbound NAT Pool, how to discover external port?
- Azure Vnet peering with public IP load balancer
- Assign Public IP address to Azure Load Balancer
- Azure VM endpoint: mapping public port to a different local port
- Azure Loadbalancer PORT issuse
- Inbound NAT rules on Load balancer in Azure ARM, how to specify RANGE of ports?
- Azure internal load balancer IP
- Configuring Azure load balancer and NAT rules