For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

panos_101277's avatar
panos_101277
Icon for Nimbostratus rankNimbostratus
Jun 17, 2008

Have a series 9 BigIP do switching instead of SNAT

Hi,     I've been trying to find a way to get a series 9 (9.4.4) BigIP to do switching instead of nat so that requests to servers come from the real originating IP and not the load balance...
config
design
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
Jun 17, 2008
Hi Panos,

 

 

LTM preserves the client's source IP without SNAT. So if you turn off SNAT and don't get a response back from the server, the most likely explanation is that the servers either do NOT have their default gateway set as the LTM, or they have some other route to get back to the client address (2nd NIC, static route, etc) and are bypassing their default gateway.

 

 

You can troubleshoot this by using tcpdump on the LTM's command line:

 

 

tcpdump -i host

 

 

will show you the traffic flow to and from that particular host, so you can see whether traffic is going to that server from LTM and whether or not it returns. You can use other filters (port, protocol, etc) to refine the tcpdump statement if you need to (type man tcpdump for a list of all the options).

 

 

Denny