For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Oct 27, 2006

GTM Intercept bypass?

Our DNS servers are sitting in a bridged vlan behind the GTM so I can intercept the DNS queries heading to the DNS server. Is it possible to disable this functionality based on source IP address on a...
application delivery
dev
devops
iRules
Pete_Thornewell's avatar
Pete_Thornewell
Historic F5 Account
Oct 31, 2006
This seems a bit of a waste of GTM's LB capabilities. You should really be able to specify that the translated addresses should be used instead of the public ones for particular source IP addressesin a rule. You could try (apologies my TCL fu is weak so the syntax might not be correct).

 

 

when LB_SELECTED {

 

if { [IP::client_addr] equals "10.x.x.x" } {

 

set addr [LB::server addr]

 

log "Internal request"

 

if { $addr equals "1.2.3.4" } {

 

node 10.2.3.4

 

}

 

elseif { $addr equals "1.2.3.5 } {

 

node 10.2.3.5

 

}

 

}

 

}

 

 

if the pool members global addresses were 1.2.3.4 and 1.2.3.5 with translation addresses 10.2.3.4 and 10.2.3.5 respectively.