Forum Discussion

Goldz_180077's avatar
Goldz_180077
Icon for Nimbostratus rankNimbostratus
Jan 30, 2017

How to create an iRules that allowing multiple ports on a single VIP IP address

How to create an iRules that allowing multiple ports on a single VIP IP address. Example i have 1 VIP 10.10.10.10 with port range 50000-60000 for SFTP active, with pool member 20.20.20.20 port: 50000...
application delivery
iRules
LTM
security
  • Maneesh_72711's avatar
    Maneesh_72711
    Feb 01, 2017

    Additionally with the same i-rule can you change your VIP to performance layer 4 instead of standard and then check do a tcpdump to see whether the VIP is doing a 3way handshake.

     

Maneesh_72711's avatar
Maneesh_72711
Icon for Cirrostratus rankCirrostratus

Additionally with the same i-rule can you change your VIP to performance layer 4 instead of standard and then check do a tcpdump to see whether the VIP is doing a 3way handshake.

 

Goldz_180077's avatar
Goldz_180077
Icon for Nimbostratus rankNimbostratus
Feb 01, 2017

Hi Maneesh,

 

Pls. see below output when using a VIP Performance layer 4 associated the i Rules

 

Accssing Port 22:

 

Xshell:> telnet 103.16.170.105 22 Connecting to 103.16.170.105:22... Could not connect to '103.16.170.105' (port 22): Connection failed.

 

config tcpdump -nni 0.0 host 103.16.170.105 and port 22 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes 13:08:41.733700 IP 112.199.36.158.38957 > 103.16.170.105.22: S 3489628376:3489628376(0) win 8192 13:08:41.733841 IP 103.16.170.105.22 > 112.199.36.158.38957: R 0:0(0) ack 3489628377 win 0 13:08:42.286396 IP 112.199.36.158.38957 > 103.16.170.105.22: S 3489628376:3489628376(0) win 8192 13:08:42.286525 IP 103.16.170.105.22 > 112.199.36.158.38957: R 0:0(0) ack 1 win 0 13:08:42.849594 IP 112.199.36.158.38957 > 103.16.170.105.22: S 3489628376:3489628376(0) win 8192 13:08:42.849709 IP 103.16.170.105.22 > 112.199.36.158.38957: R 0:0(0) ack 1 win 0 13:08:44.263275 IP 123.183.209.136.48745 > 103.16.170.105.22: S 932940911:932940911(0) win 29200 13:08:44.263404 IP 103.16.170.105.22 > 123.183.209.136.48745: R 0:0(0) ack 932940912 win 0 ^C 8 packets captured 8 packets received by filter 0 packets dropped by kernel

 

Accessing Port 21:

 

Xshell:> telnet 103.16.170.105 21 Connecting to 103.16.170.105:21... Could not connect to '103.16.170.105' (port 21): Connection failed.

 

config tcpdump -nni 0.0 host 103.16.170.105 and port 21 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes 13:08:55.352515 IP 112.199.36.158.59299 > 103.16.170.105.21: S 1151819102:1151819102(0) win 8192 13:08:55.352657 IP 103.16.170.105.21 > 112.199.36.158.59299: R 0:0(0) ack 1151819103 win 0 13:08:55.905954 IP 112.199.36.158.59299 > 103.16.170.105.21: S 1151819102:1151819102(0) win 8192 13:08:55.906070 IP 103.16.170.105.21 > 112.199.36.158.59299: R 0:0(0) ack 1 win 0 13:08:56.471243 IP 112.199.36.158.59299 > 103.16.170.105.21: S 1151819102:1151819102(0) win 8192 13:08:56.471367 IP 103.16.170.105.21 > 112.199.36.158.59299: R 0:0(0) ack 1 win 0 ^X^C 6 packets captured 6 packets received by filter 0 packets dropped by kernel