can't connect to my own external network?
In a nutshell, we have a farm of webservers behind a BigIP (using the BigIP as their default route), and the apps on those webservers occasionally make calls out to the real world via a 0.0.0.0 virtual server on the F5 (ie. it's a transparent forward proxy, if I didn't bungle the terminology). Works great to get to google, wherever.
But one of the apps wants to call it's own domain name (it's hardcoded in the app, not something I can easily change), and we fail to connect to anything on our own external interface. Or - we apparently connect with the proxy virtual server, send our headers, and get back a cert but no respons headers; wget says "Read error (Connection reset by peer) in headers." and retries, over and over.
So, I say "bummer" and try it out in our QA... where it *works fine* (I connect to both the real world and our own network dandy). I've been slogging thru the bigip.conf in both places, trying to find why it would be different, and so far as I can tell they're identical (or as identical as QA/prod can really be, considering we do run different domains) - notably, the proxy is totally identical.
So - I'm baffled. Can anyone suggest what might be different where I couldn't access my own external network from the inside? (If I ssh to the BigIP itself, I can access those IPs fine, of course). I figure since the proxy is identical, it's got to be something about the environment on the BigIP that it lives in... but all of the obvious things seem fine...
anyway - stumped. I'm going to put in a support ticket, but more often than not I get better ideas from the community than I do from official support (not F5, just in general), so I figure I'd put out a feeler, see if someone saw just this last week and wants to share. Thanks for any guidance anyone can share...
-- Tom Bortels - firstname.lastname@example.org