When designing Blueprints using the Blueprint Designer, there is a tempting task available called add public ip address.
When executing this task the following happens:
- An additional private IP address is assigned to the server.
- This new private IP address receives a public NAT.
- Only specific ports can be enabled through the dialogue.
- The default egress IP continues to be an un-NATed primary private IP.
Many customers designing Blueprints desire the following behavior:
- NAT public IP address to their existing primary IP address
- Permit traffic destined for arbitrary ports
This is solved by including one of the following packages in your Blueprint instead of the tempting, but likely unwanted, add public ip address task.
- Create/Update Public IP NAT to Primary Private IP Address on Linux
- Create/Update Public IP NAT to Primary Private IP Address on Windows
Specify the ports to open as a Design Time parameter, using the following formats:
- Single port - 80/tcp 443/tcp 53/udp
- Port range - 1-1024/tcp
Specify multiple port/protocol tuples with space delimiters.
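
A pre-flight check for the Design Time port parameter, as an added example (not part of the packages or the original article): it accepts only the two formats listed above and reports how many distinct ports each protocol would expose on the public IP. The function names and the strict lowercase `tcp`/`udp` matching are assumptions; the packages' own parsing may differ.

```python
import re

# Grammar taken from the formats listed above: PORT/proto or LOW-HIGH/proto.
# Assumption: only lowercase tcp/udp, exactly as shown in the article.
TOKEN = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?/(tcp|udp)$")


def parse_port_spec(spec):
    """Parse a space-delimited port parameter into (low, high, proto) tuples.

    Raises ValueError on any token that does not match the listed formats.
    """
    rules = []
    for token in spec.split():
        m = TOKEN.match(token)
        if not m:
            raise ValueError(f"malformed token: {token!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"port out of range or reversed: {token!r}")
        rules.append((low, high, m.group(3)))
    if not rules:
        raise ValueError("empty port specification")
    return rules


def exposure(rules):
    """Count distinct exposed ports per protocol, merging overlapping ranges."""
    counts = {}
    for proto in {r[2] for r in rules}:
        spans = sorted((lo, hi) for lo, hi, p in rules if p == proto)
        total, cur_lo, cur_hi = 0, *spans[0]
        for lo, hi in spans[1:]:
            if lo <= cur_hi + 1:          # overlapping or adjacent: extend
                cur_hi = max(cur_hi, hi)
            else:                         # gap: close the current span
                total += cur_hi - cur_lo + 1
                cur_lo, cur_hi = lo, hi
        counts[proto] = total + cur_hi - cur_lo + 1
    return counts


if __name__ == "__main__":
    sample = "80/tcp 443/tcp 53/udp 1-1024/tcp"  # constructed sample input
    print(exposure(parse_port_spec(sample)))
```

Running the check before the Blueprint is published makes it easy to spot a range that opens far more of the primary IP to the internet than intended.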