BigIP Remove the source address of host

first of all, i'm not an expert but just wann help if i can. :-)

 

 

what is nodes' default gateway? is it bigip?

 

if so, would u mind trying to remove snat under virtual config?

 

 

the other way is to use x-forwarded-for http header.

 

 

sol4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT

 

http://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html

 

 

cheer!

hi and thx for reply,

 

 

nodes are the physical machine (server) there are two nodes (phyiscal machine) in diagram 192.168.1.2 and 192.168.1.1, it is not gateway or bigip

 

 

i have configured the virtual server (192.168.1.3) SNAT Pool to "automap", should i return to "none", i am new to bigip can you please tell me more about snat what it do ?

 

is it oridnary NAT ?

 

 

Big thanksssssssssssssssssss even if u r not expert :):)

 

 

SNAT is literally Source-NAT. Basically its telling the VS to act as a proxy... So the backend (Poolmembers) see the IP connection coming from one of the BigIP's addresses (Automap will use the floating self-ip of the interface that routes to the poolmembers).

 

 

To have the client IP preserved, disable SNAT, enable NAT (The F5 then NAT's the proxied connection back to the address and port of the client). The poolmembers then need to use the F5 (SelfIP) as the default gateway back to the client.

 

 

H

when i put the snat none, the virtual server is not working

 

 

how to enable nat ?

 

 

About 5 items below the SNAT option when configuring the Virtual Server. There's separate options for 'Address Translation' and 'Port Translation'. Select both. Then make sure the default gateway back to the client IP is via the F5 floating self-ip address that directly connects to the poolmembers. (I suspect that's already done, unless you were running the poolmembers in a kind of n-path configuration)

 

 

I think it's more likely that the only thing wrong is your poolmembers are routing back direct to the client via a separate router, since it looks like you're running the F5 single armed (Sorry, can't see your picture, so no network diagram to verify)...

 

 

H

 

 

when i put the snat none, the virtual server is not working

 

 

 

nodes are using bigip as their default gateway?

 

what is client ip address? it isn't in virtual subnet (192.168.1.0), is it?

hi, in the attachment there is full diagram of what i am discussing

As Nitass and Hamish have suggested, if you have the default gateway on 192.168.1.1 and 192.168.1.2 set to the LTM self IP on the 192.168.1.0/24 subnet, you can set SNAT on the virtual server to none and the servers will see the original client IP address. As Hamish said, make sure to leave (destination) address and (destination) port translation enable on the virtual server properties.

 

 

Aaron

thanks Boss for yr reply i will try it and give my feedback

i have tried it i cant remote desktop or access http servers now , since i change the default gateway to ip of Bigip not coreswitch

 

 

any suggestion ?