In Azure we have an Internet-facing load balancer that directs requests to a VM hosting IIS acting as our reverse proxy, which then directs traffic to the appropriate ASP.NET Core 1.0 Windows service on another VM. So a request takes the following route:
Internet-facing load balancer to an IIS Reverse Proxy hosted on a Windows Server VM to an ASP.NET Core 1.0 Windows service hosted on another Windows VM.
For the Network Security Group hosting our ASP.NET Core 1.0 Windows service we would like to create an inbound security rule to only allow traffic from the source IP of the IIS Reverse Proxy VM. But we are noticing that we end up having to use the IP address of the Internet-facing load balancer instead. Why would requests that arrive at the ASP.NET Core 1.0 Windows service VM have the source IP of the Internet-facing load balancer? Shouldn't they have a source IP of the IIS Reverse Proxy VM?