For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

touch_93816's avatar
touch_93816
Icon for Nimbostratus rankNimbostratus
May 26, 2011

Help Port redirection

Hi All

 

 

I am new about IRule and facing a difficulty. Could anyone help me out? Thank you very much.

 

 

 

My scenarios is

 

 

 

there are two nodes in my pool and I want to use IRule to distribute the traffic to different node based on the incoming port to the same destination port 22.

 

 

 

My IRule is below

 

 

 

when CLIENT_ACCEPTED {

 

switch [TCP::local_port] {

 

"5810" { pool newpool member 192.168.1.1 22 }

 

"5811" { pool newpool member 192.168.1.2 22 }

 

}

 

}

 

 

 

After I deploy this IRule, I find there is no traffic from 5810 on my laptop to port 22 on my destination(192.168.1.1) but there is traffic to 5810 which is not being used by any application when I telnet from my laptop.

 

 

 

Above all I can not achieve my goal. Is there anything wrong in my IRule to stop traffic from 5810 to 22?

 

 

 

 

 

Do you have any idea about this? Looking forward to see your reply soon.

 

 

 

 

 

Thank you and HELP......

 

application delivery
dev
devops
iRules

3 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    May 26, 2011
    Hi Touch,

    Can you clarify what's failing? Are you trying to telnet (or use an SSH client?) to connect to the virtual server address on port 5810 or port 5811? Do you have the virtual server defined on port 0 (any)? Do you have port translation enabled on the virtual server?

    Can you add some debug logging and check /var/log/ltm for the output? 

    
when CLIENT_ACCEPTED {
   log local0. "[IP::client_addr]:[TCP::client_port]: Connection to [virtual name] [IP::local_addr]:[TCP::local_port]"
   switch [TCP::local_port] {
      "5810" {
         pool newpool member 192.168.1.1 22
         log local0. "[IP::client_addr]:[TCP::client_port]: Matched 5810"
      }
      "5811" {
         pool newpool member 192.168.1.2 22
         log local0. "[IP::client_addr]:[TCP::client_port]: Matched 5810"
      }
   }
}
when SERVER_CONNECTED {
    Debug event only. Remove when done testing
   log local0. "[IP::client_addr]:[TCP::client_port]: Connected to [IP::server_addr]:[TCP::server_port]"
}

    Aaron
  • touch_93816's avatar
    touch_93816
    Icon for Nimbostratus rankNimbostratus
    May 26, 2011
    Hi Hoolio

     

     

    Thank you very much for you quick reply. I have fixed this by enabling the port translation.

     

     

    :-P

     

     

    Thank you

     

     

    Touch
  • touch_93816's avatar
    touch_93816
    Icon for Nimbostratus rankNimbostratus
    May 26, 2011
    Hi Hoolio

     

     

    Thank you very much for your quick reply. I have fixed this by enabling the port translation.

     

     

    :-P

     

     

    Thank you

     

     

    Touch