Forum Discussion
Birchman_10128
Nimbostratus
May 31, 2012
Cannot View Original clients source IP
Hi,
I have this issue regarding our current F5 LB. My problem is that my web server is not seeing the original client's source IP address; instead, it's all getting my F5's interface IP. This is our setup: Client ---> Firewall ----> F5 -----> WebServer. Can someone help me with how to bypass the translation and forward all source IPs to my WebServer? I tried disabling SNAT, NAT but it doesn't work. Thank you, and I would appreciate anyone's help on this. Thanks!
3 Replies
- Pawel_Kwasniewi
Nimbostratus
Hi,
there is a profile option called Insert X-Forwarded-For; you can enable it by creating a new profile from the default one, i.e. http, and setting Insert X-Forwarded-For to Enable. That should pass the client IP address in the HTTP header.
Pawel.
- Eric_St__John
Employee
Your options are limited due to the fact that the web servers do not have a default route back through the BIGIP. As a result you must SNAT, which causes the traffic to assume one of the addresses from the BIGIP. As Pawel mentioned, you can enable Insert X-Forwarded-For on the HTTP profile, which will insert a header into the communication, that the web server can then log. This can be done natively on most web server software, though on some older versions of IIS it will require an ISAPI filter.
- nitass
Employee
so, is webserver's default gateway f5?
"I tried disabling SNAT, NAT but doesn't work."
what does not working mean? was client ip still translated? if so, how did you disable snat?
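An added example, not part of any reply in this thread: one way a web application behind the SNATing BIG-IP could choose which address to log once Insert X-Forwarded-For is enabled. It honours the header only when the connection comes from the load balancer and ignores values a client may have sent itself. The address 10.0.0.5, the name `client_ip`, and the assumption that the BIG-IP's inserted value is the last one in the chain are all illustrative.

```python
import ipaddress

# Constructed sample value: the BIG-IP self IP / SNAT address that the
# web server sees as the TCP peer. Replace with your own (assumption).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_values):
    """Return the address to log for a request (hypothetical helper).

    peer       -- TCP source address of the connection, as a string
    xff_values -- every X-Forwarded-For header value, in the order received
    """
    peer_addr = ipaddress.ip_address(peer)
    if not _is_trusted(peer_addr):
        # Connection did not come through the load balancer, so any
        # X-Forwarded-For header was written by the client: ignore it.
        return str(peer_addr)

    # Flatten repeated headers and comma lists into one left-to-right chain.
    chain = [p.strip() for v in xff_values for p in v.split(",") if p.strip()]

    # Walk from the right: the rightmost entry is assumed to be the one our
    # own proxy added; anything further left came from the client side and
    # may be forged.
    for entry in reversed(chain):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            return str(peer_addr)  # malformed entry: fall back to the peer
        if not _is_trusted(addr):
            return str(addr)
    return str(peer_addr)


if __name__ == "__main__":
    # Constructed request: the client sent its own header, the BIG-IP added one.
    print(client_ip("10.0.0.5", ["1.2.3.4", "203.0.113.7"]))
```
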
