How to - not use NAT for a single host behind an F5 when not using a VIP.

Posted By nitass on 01/02/2013 04:29 PM

 

However for inbound connections direct to my hosts (ie not via virtual server) I'm not sure if this applies or not. if snat list is applied on incoming vlan, yes it is. anyway, why don't you use snatpool setting under virtual server configuration instead of snat list? so, i will affect inbound traffic to virtual server only.

 

 

I want my server to see the real client IP, I have a feeling what I need to do is build an IP forwarding rule for the host and ensure SNAT pool is set to none. you mean ip forwarding virutla server, don't you? if so, yes but you have to also remove snat list configuration. snat list will apply even snat is set to none under ip forwarding virtual server.

 

 

hope this helps.

 

 

So yes my snat list is applied on the incoming vlan meaning it is matching everything. Turning that off is a last resort at the moment, the F5's in question are heavily utilized in a production environment with scores of virtual servers and hosts behind them. Making global changes is not ideal for me.

 

 

Yes I do mean an ip forwarding virtual server. At the moment I have at least one service working through a standard load balancing virtual server that is presenting the real source IP. I'm trying to work out how and why that is. I will spend some more time comparing configs.