External VS and internal pool members port 80 issue
I hope this is the correct forum. I currently have an issue with setting up an external VS to connect to an internal node member.
ex)
VS xyz (external f5/outside the firewall over port 80) <--> pool xyz (port 80) <--> members (internal pool member/node/inside the firewall with port 80 open)
If you make a request to a txt file from port 80 VS to an internal member/node over port 80, it fails.
NOTE: Tried this with port translation off/on and got the same results.
If you make a request to a txt file from port 80 VS to an internal member/node over port 8080, it is successful.
NOTE: Works with port translation turned on.
URL: http://wwwqaddev.qad.com/servername.txt
Any ideas on why this would happen?
Thanks!
Regards,
TRX
- Hamish (Cirrocumulus): From that description I would suggest that either the pool members are really listening on port 8080, and not port 80 after all, or there is a firewall (or other NAT device) doing port translation between them...
- Michael_Yates (Nimbostratus): Do you have SNAT Automap enabled (on VS xyz)?
- Let me get back to you on my results.
- Hello,
The IP of the target internal server is NOT on the external f5. SNAT is enabled, address translation, and port translation is enabled.
I've tried it with SNAT disabled and port translation disabled, but the issue still exists. Not sure what to try next. The problem seems to have trouble connecting from the same port from the external f5 to the same server port (on the internal f5 or direct on the internal server).
Any more ideas or things to try?
Regards,
TRX
- hooleylist (Cirrostratus): Like Hamish suggested, it seems like something after the DMZ LTM is doing port translation. You can use tcpdump to verify LTM is sending the request to the pool members on port 80 and then use tcpdump on the internal LTM to see if the request is making it there. If you see packets leaving the external LTM but not arriving on the internal LTM, it's probably something in between blocking it.
- Thanks. The firewall was blocking the external f5 ip. Issue is now resolved.
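
The two-sided tcpdump comparison suggested in the thread, as an added example that is not part of the original discussion: it matches SYNs seen leaving the external LTM against SYNs seen on the internal LTM and reports whether each one arrived, arrived on a different port, or was dropped. It assumes `tcpdump -nn` text output saved from each device and no source address or port rewriting in between; the function names and capture lines are constructed for illustration.

```python
import re

# Matches one line of `tcpdump -nn` text output for an IPv4 TCP packet.
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def syns(capture):
    """Return {(src, sport): (dst, dport)} for every initial SYN (Flags [S])."""
    out = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if m and m["flags"] == "S":          # "S." is a SYN-ACK, skip it
            out[(m["src"], int(m["sport"]))] = (m["dst"], int(m["dport"]))
    return out

def compare(external_capture, internal_capture):
    """Classify each SYN that left the external LTM by what arrived inside."""
    sent, seen = syns(external_capture), syns(internal_capture)
    result = {}
    for flow, (dst, dport) in sent.items():
        if flow not in seen:
            result[flow] = "dropped in between"      # e.g. firewall rule
        elif seen[flow][1] != dport:
            result[flow] = f"port translated {dport}->{seen[flow][1]}"
        else:
            result[flow] = "arrived"
    return result

# Constructed sample captures (addresses, ports and timestamps are made up).
EXTERNAL = """\
12:00:01.000100 IP 192.0.2.10.41000 > 10.20.0.5.80: Flags [S], seq 1000, win 29200, length 0
12:00:02.000100 IP 192.0.2.10.41000 > 10.20.0.5.80: Flags [S], seq 1000, win 29200, length 0
12:00:05.000100 IP 192.0.2.10.41002 > 10.20.0.5.8080: Flags [S], seq 2000, win 29200, length 0
12:00:05.000900 IP 10.20.0.5.8080 > 192.0.2.10.41002: Flags [S.], seq 3000, ack 2001, win 28960, length 0
"""
INTERNAL = """\
12:00:05.000400 IP 192.0.2.10.41002 > 10.20.0.5.8080: Flags [S], seq 2000, win 29200, length 0
12:00:05.000600 IP 10.20.0.5.8080 > 192.0.2.10.41002: Flags [S.], seq 3000, ack 2001, win 28960, length 0
"""

if __name__ == "__main__":
    for flow, verdict in compare(EXTERNAL, INTERNAL).items():
        print(flow, verdict)
```

A retransmitted SYN with no matching entry on the internal side, as in the port 80 flow of the sample, is the pattern the thread ended up tracing to a firewall rule.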