For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tosin_Omojola's avatar
Tosin_Omojola
Icon for Altostratus rankAltostratus
Mar 15, 2017

BIGIP Not responding to a proxy request

Hi

I am trying to setup BIGIP V12.1.1 as a pure forward proxy. I created a route entry for 0.0.0.0/0 to be sent to a gateway IP, 192.168.104.2 ( that's native default_route setting, right). Then I have a VS on 192.168.104.104:0

After this, I entered the VIP as the proxy server IP in my client browsers. Requests are getting to the BIGIP but are not being responded to. I did a tcpdump and found the following:

192.168.51.17.50154 > 192.168.104.104.80: Flags [.], cksum 0xd208 (correct), ack 1, win 65535, length 0 in slot1/tmm1 lis=/Common/ctrx-prx-vs2
17:54:51.933205 IP (tos 0x0, ttl 126, id 20067, offset 0, flags [DF], proto TCP (6), length 312)
    192.168.51.17.50154 > 192.168.104.104.80: Flags [P.], cksum 0x3f99 (correct), seq 1:273, ack 1, win 65535, length 272 in slot1/tmm1 lis=/Common/ctrx-prx-vs2
17:54:51.933272 IP (tos 0x0, ttl 255, id 37688, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.104.104.80 > 192.168.51.17.50154: Flags [.], cksum 0x1ce5 (incorrect -> 0xbecc), ack 273, win 4652, length 0 out slot1/tmm1 lis=/Common/ctrx-prx-vs2
17:54:51.933524 IP (tos 0x0, ttl 255, id 37690, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.104.104.80 > 192.168.51.17.50154: Flags [R.], cksum 0x1ce5 (incorrect -> 0xd0f4), seq 1, ack 273, win 0, length 0 out slot1/tmm1 lis=/Common/ctrx-prx-vs2
17:54:55.873948 IP (tos 0x2,ECT(0), ttl 126, id 20089, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.51.17.50155 > 192.168.104.104.80: Flags [SEW], cksum 0xf290 (correct), seq 923886504, win 65535, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
17:54:55.873990 IP (tos 0x0, ttl 255, id 45854, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.104.104.80 > 192.168.51.17.50155: Flags [S.], cksum 0x1ced (incorrect -> 0x43f4), seq 468358997, ack 923886505, win 4380, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/ctrx-prx-vs2
17:54:55.874130 IP (tos 0x0, ttl 126, id 20090, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.51.17.50155 > 192.168.104.104.80: Flags [.], cksum 0x80d3 (correct), ack 1, win 65535, length 0 in slot1/tmm0 lis=/Common/ctrx-prx-vs2
17:54:55.874237 IP (tos 0x0, ttl 126, id 20091, offset 0, flags [DF], proto TCP (6), length 250)
    192.168.51.17.50155 > 192.168.104.104.80: Flags [P.], cksum 0xb18c (correct), seq 1:211, ack 1, win 65535, length 210 in slot1/tmm0 lis=/Common/ctrx-prx-vs2
17:54:55.874321 IP (tos 0x0, ttl 255, id 45859, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.104.104.80 > 192.168.51.17.50155: Flags [.], cksum 0x1ce5 (incorrect -> 0x6e13), ack 211, win 4590, length 0 out slot1/tmm0 lis=/Common/ctrx-prx-vs2
17:54:55.874551 IP (tos 0x0, ttl 255, id 45861, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.104.104.80 > 192.168.51.17.50155: Flags [R.], cksum 0x1ce5 (incorrect -> 0x7ffd), seq 1, ack 211, win 0, length 0 out slot1/tmm0 lis=/Common/ctrx-prx-vs2

Also, the firewall ( 192.168.104.2 ) is not getting the expected return packets from BIGIP whereas, it's getting the request packets from the clients.

Please advise.

Thank you.

application delivery
BIG-IP
No RepliesBe the first to reply