F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Ramil_Ancajas_1's avatar
Ramil_Ancajas_1
Icon for Nimbostratus rankNimbostratus
Jan 29, 2014

HTTP VS to accept and redirect SSH request to SSH VS

Hi All,

 

I have a VS with open port service for HTTP request, which I also want it to accept SSH request but will redirect the traffic to another VS with SSH service. Is this possible using iRule? Can anyone help and share an iRule or idea how to provide solution for this requirement?

 

Thanks in advance for any help.

 

Ramil

 

application delivery
devops
iRules

7 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Jan 29, 2014

    Ramil, Would this do it?

    when CLIENT_ACCEPTED { 
 if { [TCP::local_port] eq 22 } {
   virtual name_of_virtual
   }
  }
  • Ramil_Ancajas_1's avatar
    Ramil_Ancajas_1
    Icon for Nimbostratus rankNimbostratus
    Jan 29, 2014

    Dear Nathan,

     

    Thanks for the quick response. I applied the iRule, it does the redirection of the request to the SSH VS, but it's still cannot establish connection. Please note that I use secure CRT to connect using SSH, if I connect directly to the SSH VS it works. But if I connect via the HTTP VS it wont (even w/ this redirection). The thing is the users will use the same DNS name to connect both VS's (which is the IP of HTTP VS). I could have asked them to use different IP but they could not do it as the DNS name is already embedded in their application. And they use same name for both URL (browser) and SSH application.

     

    Any other suggestion please?

     

    Really appreciated your help.

     

    Ramil

     

    • nathe's avatar
      nathe
      Icon for Cirrocumulus rankCirrocumulus
      Jan 29, 2014
      Hmm, not too sure on that. Two things I'd try: change the irule to go direct to a node, rather than VS, and see if that works (irule line would be node x.x.x.x 22). Secondly I'd do a tcpdump on the f5 to see if this gives you any clues (prob need to do ssldump)
    • Ramil_Ancajas_1's avatar
      Ramil_Ancajas_1
      Icon for Nimbostratus rankNimbostratus
      Jan 29, 2014
      Hi Nathan, Thanks for your support. I think I figured out a soultion to this request. I simply assigned same IP on the SSH VS and removed the iRule on the HTTP VS and it works fine. Thanks a lot for your support really grateful for that. Regards,
    • nathe's avatar
      nathe
      Icon for Cirrocumulus rankCirrocumulus
      Jan 29, 2014
      Good suggestion JPV, it would take a higher precedence than the vs with a wildcard port. Thanks. Hope it helps Ramil
    • Ramil_Ancajas_1's avatar
      Ramil_Ancajas_1
      Icon for Nimbostratus rankNimbostratus
      Jan 29, 2014
      Hi JVP. Thats what actually what I did and it works! I just fount out that you also recommended this. Thank you very much for that. To all the guys, pardon me please for I still new to F5 but really like to work and lear more with it. Cheers!! Ramil