Forum Discussion
NimbostratusAutomap / Snat
I wrote an irule to redirect traffic to specific web servers. As part of this I want to mask all traffic so it looks like on the F5 is talking to the webserver so I enabled AUTOMAP. When I look at the IIS logs the http get request has the client IP not the f5 IP (looks like automap isn't working or doing what I thought). Should I be using SNAT instead?
6 Replies
ArieAltostratus
Automap uses SNAT, so you should be seeing the BIG-IP's address as the source. I'm wondering if you are injecting the X-Forwarded-For header. If so, the web server may be using that for the logs. It would have to be configured that way on the OWS for this to be the case, though.
pedinopa_170325I am not injecting the x-forwarded-for header.- awilhelm
Employee
If you have enabled Source Address Translation but it is not having an effect, please open a support case. - pedinopa_170325I think I need a intelligent snat because the webservers are on different subnets than the F5
Nfordhk_66801Hi Pedinopa, What are the gateways of your servers, is it the BIG IP? This could be the reason why the client IP is still passing.- tatmotiv
Cirrostratus
You say you wrote an iRule for REDIRECTING traffic to a specific webserver. That would force the client to open a totally new tcp connection to that server directly after receiving the redirect from the f5, in which case the SNAT setting (automap or SNAT pool) of your virtual processing the iRule will have no effect. That is probably the reason why you see the real client IP in your webserver logfiles.
