Forum Discussion

Goldz_180077's avatar
Goldz_180077
Icon for Nimbostratus rankNimbostratus
Jan 30, 2017

How to create an iRules that allowing multiple ports on a single VIP IP address

How to create an iRules that allowing multiple ports on a single VIP IP address. Example i have 1 VIP 10.10.10.10 with port range 50000-60000 for SFTP active, with pool member 20.20.20.20 port: 50000...
application delivery
iRules
LTM
security
  • Maneesh_72711's avatar
    Maneesh_72711
    Feb 01, 2017

    Additionally with the same i-rule can you change your VIP to performance layer 4 instead of standard and then check do a tcpdump to see whether the VIP is doing a 3way handshake.

     

Maneesh_72711's avatar
Maneesh_72711
Icon for Cirrostratus rankCirrostratus

Goldz the backend server is listening on port 22 ?

 

Goldz_180077's avatar
Goldz_180077
Icon for Nimbostratus rankNimbostratus
Feb 01, 2017

Hi Maneesh,

 

do we need this iRules

 

if{([TCP::local_port] > 50000 and [TCP::local_port] < 60000)} { permit elseif {[TCP::local_port] == 22 }{ permit } else { Drop request drop }

 

or this one

 

when CLIENT_ACCEPTED {

 

if{not(([TCP::local_port] > 50000 and [TCP::local_port] < 60000) or [TCP::local_port] == 22) }{

 

drop } }