Forum Discussion
Piotr_Lewandows
Altostratus
AltostratusAFM NAT - how to implement
Hi,
That is probably something easy and I have to be missing tiny detail but as for now I am stuck :-(
I need to create something that I think is classic FW NAT. My goal is like that:
...
dragonflymr
Cirrostratus
CirrostratusI can't as well understand tcpdump on VIP VLAN. After receiving SYN to VIP:887 I can see plenty of ARP request sourced from self IP on the VIP VLAN. Those are not replied.
Why BIG-IP is sending ARP request for VIP on the same BIG-IP?
19:05:01.324186 IP 192.168.176.159.11000 > 192.168.177.21.887: Flags [S], seq 1886485909, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=1 inport=4 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
19:05:01.324709 ARP, Request who-has 192.168.177.21 tell 192.168.177.253, length 112 out slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
19:05:02.324409 ARP, Request who-has 192.168.177.21 tell 192.168.177.253, length 112 out slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
19:05:03.324074 ARP, Request who-has 192.168.177.21 tell 192.168.177.253, length 112 out slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
19:05:04.324039 ARP, Request who-has 192.168.177.21 tell 192.168.177.253, length 112 out slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
19:05:04.330834 IP 192.168.176.159.11000 > 192.168.177.21.887: Flags [S], seq 1886485909, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=/Common/tmg-nat_vs flowtype=65 flowid=5700D0B97F80 peerid=5700D0B98080 conflags=1002010000202A4 inslot=1 inport=4 haunit=0 priority=3 peerremote=00000000:00000000:0000FFFF:C0A8B115 peerlocal=00000000:00000000:0000FFFF:C0A8B09F remoteport=80 localport=6893 proto=6 vlan=377
19:05:05.324016 ARP, Request who-has 192.168.177.21 tell 192.168.177.253, length 112 out slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
19:05:06.323872 ARP, Request who-has 192.168.177.21 tell 192.168.177.253, length 112 out slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
19:05:09.324209 IP 192.168.177.21.887 > 192.168.176.159.11000: Flags [R.], seq 0, ack 1886485910, win 0, length 0 out slot1/tmm1 lis=/Common/tmg-nat_vs flowtype=65 flowid=5700D0B97F80 peerid=5700D0B98080 conflags=1002010000202A4 inslot=1 inport=4 haunit=1 priority=0 rst_cause="[0x23f0b6d:284] handshake timeout" peerremote=00000000:00000000:0000FFFF:C0A8B115 peerlocal=00000000:00000000:0000FFFF:C0A8B09F remoteport=80 localport=6893 proto=6 vlan=377
- 168.176.159 - client IP
- 168.177.21 - VIP
- 168.177.253 - Self IP
Piotr