Configuring Backend Firewalls to Allow NodeBalancer Traffic

Linode Staff

My NodeBalancer is not able to reach the private IP address of one of my backend Linodes.

I've allowed inbound connections from the NodeBalancer's public IP address within my backend's firewall, but it still isn't able to connect to the backend Linode. Any idea why?

3 Replies

As mentioned in our NodeBalancer Reference Guide, our NodeBalancers communicate with their backends over a private network. As such, you'd want to allow connections for the NodeBalancer's private IP address in your backends' firewalls.

It's important to note that while your NodeBalancer's public IP address will never be altered, its private IP address may change over time. To ensure that your NodeBalancer will always be able to communicate with its backends over the private network, you'll want to allow connections for the entire IP address range that we use for NodeBalancers.

Is this true that my nodebalancer private IP address can change? Randomly? How often could this happen? Do we get any notifications of this change?

I really don't want to trust traffic from the entire IP address range of nodebalancers, I just want to trust the one I've configured.

Are the questions/concerns asked by @toshiba-it still valid?

If so, do we really need to add address range for NodeBalancers?

Looking forward for your explanation. Thanks!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct