+1We are setting up Google Cloud Load Balancer, and wish to distribute load to a number of webservers/VMs.
We wish to keep external IPs on the VMs to allow for software updates etc.
We also wish to protect the webservers from external traffic with a firewall, so only the load balancer can access them.
Is that possible? As the load balancer only functions as a passthrough, the visitor IP is what the firewall sees.
How can we use the firewall to only allow traffic from the loadbalancer?
Best answer by Absonny00-coder
Yes sir . it’s possible to restrict VM access so only Google Cloud Load Balancer traffic reaches them. You cannot simply filter by the load balancer’s frontend IP, because the firewall sees the original client IP. Instead, Google provides reserved IP ranges for load balancer proxies. You must configure firewall rules to allow traffic only from those ranges, while blocking all other external source.
Tip Recommendation
- Use firewall rules that allow only Google’s load balancer proxy IP ranges.
This way, your VMs remain protected from direct external traffic, while still being reachable through the load balancer.
+1Yes sir . it’s possible to restrict VM access so only Google Cloud Load Balancer traffic reaches them. You cannot simply filter by the load balancer’s frontend IP, because the firewall sees the original client IP. Instead, Google provides reserved IP ranges for load balancer proxies. You must configure firewall rules to allow traffic only from those ranges, while blocking all other external source.
Tip Recommendation
- Use firewall rules that allow only Google’s load balancer proxy IP ranges.
This way, your VMs remain protected from direct external traffic, while still being reachable through the load balancer.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.