I'm using Google Compute Engine for the first time. I would like to set up a network load balancer (with static IP) that listens on port 80, but forwards to a backend server lis
Currently, port forwarding is not a GCE load balancer (LB) feature: LBs forward new incoming requests to target pools (TPs), which distribute them among their instances. No IP or port mapping is performed, as only the incoming request is forwarded. LBs expose the ports as they are. So, for multiple ports, you can define a port range, or one different LB for each one.
To achieve something like this, you can use a port forwarding setup with HAProxy, NAT at instance level with IPTables, or redirect clients from port 80 to port 5555 at software level.
With Kubernetes, you can achieve port forwarding easily by using services. Services define a proxy that will do all the necessary iptables magic for port forwarding automatically. Hope this helps.
After a lot of reading and testing, I found a solution that allows GCE to proxy a request to an internal port on a different port. To forward to a different port, I had to set up Proxies, ServerPools, UrlMaps, etc., so the setup is much more complex than just a basic network forward.
##############################
# Setting up API port forwarding from external 80 to internal 5555
export INTERNAL_PORT=5555 # The port number that the API is running on.
export EXTERNAL_PORT=80   # The port number that will be exposed externally by the proxy
export ZONE=us-central1-b
export NETWORK=mynetwork
export INSTANCE_GRP="api-us"
export HEALTH_CHECK="api-basic-check"
export HEALTH_CHECK_CHECKPATH="/isok"
export BK_SRV_SERVICE="api-srv"
export PROXY_NAME="api-proxy"
export URLMAP_NAME="api-urlmap"
export HTTP_FW_NAME="api-http-fw-rule"
export ADDRESS_NAME="api-external-ip"
export BACKEND_SRV01="apiserver01"

gcloud preview instance-groups --zone $ZONE create $INSTANCE_GRP --network $NETWORK
gcloud preview instance-groups --zone $ZONE instances \
    --group $INSTANCE_GRP add $BACKEND_SRV01

# The load balancing service by default looks for a service with a key of http.
gcloud preview instance-groups --zone $ZONE add-service $INSTANCE_GRP \
    --port $INTERNAL_PORT --service http

gcloud compute http-health-checks create $HEALTH_CHECK \
    --check-interval 5s --healthy-threshold 2 \
    --port $INTERNAL_PORT --timeout 3s --unhealthy-threshold 4 \
    --request-path $HEALTH_CHECK_CHECKPATH

gcloud compute backend-services create $BK_SRV_SERVICE \
    --http-health-check $HEALTH_CHECK
gcloud compute backend-services add-backend $BK_SRV_SERVICE \
    --group $INSTANCE_GRP --zone $ZONE

gcloud compute url-maps create $URLMAP_NAME --default-service $BK_SRV_SERVICE
gcloud compute target-http-proxies create $PROXY_NAME --url-map $URLMAP_NAME

# Create a static address to expose externally so that we can keep it if we remove the proxy.
gcloud compute addresses create $ADDRESS_NAME --global
export IP=$(gcloud compute addresses describe $ADDRESS_NAME --global --format json | jq --raw-output '.address')

gcloud compute forwarding-rules create $HTTP_FW_NAME --global \
    --target-http-proxy $PROXY_NAME --port-range $EXTERNAL_PORT --address $IP
echo $IP # This is the IP to use for DNS etc...
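
The setup above sends proxy and health-check traffic to port 5555 on the instances, so that port needs a firewall rule admitting Google's load balancer ranges and should not be open to other sources. The following is an added example, not part of either answer: a Python audit of rules exported with `gcloud compute firewall-rules list --format json`. The sample rules and project path are constructed, and the two source ranges are the ones Google documents for HTTP(S) load balancing.

```python
import ipaddress
import json

# Source ranges Google documents for HTTP(S) load balancer proxies and health checks.
LB_RANGES = [ipaddress.ip_network(n) for n in ("130.211.0.0/22", "35.191.0.0/16")]

# Constructed sample shaped like `gcloud compute firewall-rules list --format json`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-lb-to-api", "direction": "INGRESS", "network": "projects/example/global/networks/mynetwork",
  "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"], "allowed": [{"IPProtocol": "tcp", "ports": ["5555"]}]},
 {"name": "allow-api-debug", "direction": "INGRESS", "network": "projects/example/global/networks/mynetwork",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["5000-6000"]}]},
 {"name": "other-net-api", "direction": "INGRESS", "network": "projects/example/global/networks/other",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["5555"]}]}
]""")

def inside(a, b):
    return a.version == b.version and a.subnet_of(b)  # a lies entirely within b

def rule_allows_port(rule, port):
    """True if the rule's allow list covers TCP `port` (single ports or ranges)."""
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        specs = entry.get("ports")
        if not specs:  # no port list means every port of that protocol
            return True
        for spec in specs:
            low, _, high = spec.partition("-")
            if int(low) <= port <= int(high or low):
                return True
    return False

def audit_backend_port(rules, network, port):
    """Return (rules admitting non-LB sources to `port`, whether both LB ranges are admitted)."""
    exposed, covered = [], set()
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if rule.get("network", "").rsplit("/", 1)[-1] != network:
            continue
        if not rule_allows_port(rule, port):
            continue
        sources = [ipaddress.ip_network(s, strict=False) for s in rule.get("sourceRanges", [])]
        covered.update(lb for lb in LB_RANGES if any(inside(lb, s) for s in sources))
        if any(not any(inside(s, lb) for lb in LB_RANGES) for s in sources):
            exposed.append(rule["name"])
    return exposed, len(covered) == len(LB_RANGES)
```

Calling `audit_backend_port(SAMPLE_RULES, "mynetwork", 5555)` on the constructed sample flags `allow-api-debug`, whose 5000-6000 range opens the backend port to every source. Rules that select sources by tag rather than by range are not evaluated.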