Linux Virtual machine as a firewall on Microsoft Azure



Is it possible to set up a Linux-based virtual machine with two interfaces, one interface with a LAN IP address assigned and the other interface with a public IP address assigned?

I have tried setting up a FreeBSD virtual machine and have attached two NICs to it. At the moment I am not sure if it is possible to assign a public IP to the interface so I can use this VM as a firewall and put the rest of the VMs behind it.

Kindly assist.

You can't assign a public IP directly to a NIC. This is a limitation by design. Inside your VM, all you see is the private IP address. You may, however, set up a virtual machine as a virtual firewall appliance if that's what you are trying to do. To achieve that, you need to set up two things:

NSG:

First of all, you need to turn off internet traffic to your virtual machine, which is allowed by default when you create a new virtual network. Network security groups contain a list of rules that allow or deny traffic to your virtual machines in Azure. You have to deny inbound/outbound internet. Inbound is denied by default.

Name                    Priority   Source   Source ports   Destination   Destination ports   Protocol   Access
AllowInternetOutBound   65001      *        *              Internet      *                   *          Deny

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg

UDR:

The other thing you have to do is enable IP forwarding and change the flow of communication by creating a user-defined route. That is, instead of using the standard Azure VNet gateway to reach the internet or any other segment of the private network, you set up your virtual appliance to be the next hop and then let your router/firewall decide what to do with the request.

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
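As an added example (not part of the original question or answer), the NSG, IP-forwarding and UDR steps described in the answer expressed as Azure CLI calls. Every resource name, the subnet layout and the firewall's private address 10.0.1.4 are assumptions for illustration; the final sysctl line runs inside the firewall guest and goes beyond the answer, which covers only the Azure-side settings. The script prints the commands by default (DRY_RUN=1) so it can be read before anything is changed.

```shell
#!/bin/sh
# Added example: the NSG, IP-forwarding and UDR steps from the answer above as
# Azure CLI calls. Every name below is an assumption made for illustration.
set -eu

RG="${RG:-rg-fw-demo}"                      # assumed resource group
VNET="${VNET:-vnet-demo}"                   # assumed virtual network
BACKEND_SUBNET="${BACKEND_SUBNET:-backend}" # assumed subnet holding the protected VMs
NSG="${NSG:-nsg-backend}"                   # assumed NSG attached to that subnet
FW_NIC="${FW_NIC:-fw-nic-inside}"           # assumed inside-facing NIC of the firewall VM
FW_PRIVATE_IP="${FW_PRIVATE_IP:-10.0.1.4}"  # assumed private IP of that NIC
RT="${RT:-rt-via-fw}"                       # assumed route table name
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print the commands, 0 = execute them

# Print or execute a command, depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 1 (NSG): the default AllowInternetOutBound rule has priority 65001 and
# cannot be edited, so override it with an explicit Deny at a higher priority
# (lower number). Inbound from the Internet is already denied by default.
deny_internet_outbound() {
  run az network nsg rule create \
    --resource-group "$RG" --nsg-name "$NSG" \
    --name DenyInternetOutBound --priority 4000 \
    --direction Outbound --access Deny --protocol '*' \
    --source-address-prefixes '*' --source-port-ranges '*' \
    --destination-address-prefixes Internet --destination-port-ranges '*'
}

# Step 2 (IP forwarding): without this, the Azure fabric drops packets that
# arrive at the firewall NIC with a destination other than the NIC's own IP.
enable_ip_forwarding() {
  run az network nic update \
    --resource-group "$RG" --name "$FW_NIC" --ip-forwarding true
}

# Step 3 (UDR): send the backend subnet's default route to the firewall VM
# instead of the Azure default gateway. Associate the table with the backend
# subnet only; putting it on the firewall's own subnet would loop its traffic.
create_default_route_via_fw() {
  run az network route-table create --resource-group "$RG" --name "$RT"
  run az network route-table route create \
    --resource-group "$RG" --route-table-name "$RT" \
    --name default-via-firewall --address-prefix 0.0.0.0/0 \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$FW_PRIVATE_IP"
  run az network vnet subnet update \
    --resource-group "$RG" --vnet-name "$VNET" \
    --name "$BACKEND_SUBNET" --route-table "$RT"
}

# Check: the effective routes of a backend NIC should list 0.0.0.0/0 with
# next hop type VirtualAppliance and the firewall's private IP.
show_effective_routes() {
  run az network nic show-effective-route-table \
    --resource-group "$RG" --name "$1" --output table
}

# Inside the firewall VM itself (not covered by the answer; added as an
# assumption): the Linux kernel must also be told to forward packets.
guest_enable_forwarding() {
  run sysctl -w net.ipv4.ip_forward=1
}

main() {
  deny_internet_outbound
  enable_ip_forwarding
  create_default_route_via_fw
  show_effective_routes "${1:-backend-vm-nic}"   # assumed NIC name of a backend VM
  guest_enable_forwarding
}

main "$@"
```

Run it once as-is to review the commands, then with DRY_RUN=0 against a subscription where the assumed names exist. The effective-route check is the quickest way to confirm the UDR took effect on a backend NIC before relying on the firewall.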
