Forum Discussion
F5 - External/Internal Installation, Wild Card Virtual Forwarding Server Not Working Correctly
I have the following installation - IP Subnets changed from actual (VIP Works Fine)
* External Network 10.1.1.0/24 (default route points to 10.1.1.1)
* Internal Network 10.254.1.0/25 (Old Default Gateway 10.254.1.1)
Both of these networks are routable (internally) from any workstation. I have changed the Internal VIP LB machine to 10.254.1.2 (Big-IP Floating IP address). No SNAT (and cannot use due to vulnerability scanning masked as the F5, A/V blocks and downs the VIP).
For the forwarding server, it is all ports, 0.0.0.0/0 and all protocols and enabled on both the External Network and Internal network. I also created a new FastL4 to allow loose open and closes, due to the asynchronous routing.
What I see if we ping from a machine on another internal network (192.168.1.0/24), via Wireshark on the LB server: I see the request come in (192.168.1.1 --> 10.254.1.1 --> LB Server). I also see the response go out (LB Server --> F5), though the F5 drops this, as I never see it on the client machine. If I ping out from the LB server, all I see is a request but never a response.
What am I forgetting to configure to allow these LB servers to talk to the internal networks? Any help is appreciated.
1 Reply
- janholtz
I'm sure to be missing something, but from 1st principles, have you set:
System ›› Configuration : Local Traffic : General
SNAT Packet forwarding to ALL protocols?
Is the return packet to the client IP (192.168.x.x) reaching the g/w (10.1.1.1)?
If so, since we are not SNATing, does the g/w know how to reach the 10.254.1.0/25 network?
Can you give us some more details? I would recommend running tcpdump in an F5 shell.
BR Jan