Forum Discussion
Lior_54850
Nimbostratus
NimbostratusInternal servers accessing the web
Hello all,
I'm fairly new to F5's and I've hit a bit of a wall. I have a fairly simple setup of 2 web servers behind 1 3400 LTM load balancer (running 9.4.5). I'm trying to get my 2 web servers on a private network to use my F5 as a gateway to access the internet. Seems like a rather straightforward requirement. You want your web servers to be able to do NTP, WGET, YUM etc... .
So the obvious approach is to try and do some sort of NAT so I went ahead and created a SNAT. This solved my issue but generated a new one. Basically all calls from my web servers were automatically NAT'd to my NAT address. Which makes sense but internally I need them to keep their private IP addresses. I have services (such as glusterfs) that requires a distinct IP address.
All I want is if traffic is staying on my internal network to not do SNAT and if the traffic needs to head out via the external network then to do a SNAT. Or anything that basically allows me to access the web and still have a private IP address internally.
FYI: I also tried SNAT with disabled on internal vlan but that removes the capability of going to the web
Thanks for any help,
Lior
P.S.: LTM => PUBLIC IP and 192.168.3.1 (private IP)
Web 1 => 192.168.3.100 -> uses 192.168.3.1 as gateway
Web 2 => 192.168.3.101 -> uses 192.168.3.1 as gateway
Lior_54850Hey All,
I just wanted to give you an update on the issue. I did some digging and found a way of using an iRule to accomplish the required effect. On my catch all forward VIP I added the following iRulewhen LB_SELECTED { set public_ip 192.168.1.176 if { [IP::addr [IP::client_addr] equals 192.168.3.0/24] && not [IP::addr [IP::local_addr] equals 192.168.0.0/16]} { snat $public_ip } elseif { [IP::addr [IP::client_addr] equals 192.168.4.0/24] && not [IP::addr [IP::local_addr] equals 192.168.0.0/16]} { snat $public_ip } else { forward } }
Thanks
santosh_81454Hi Lior, Thanks for sharing the information.
- Santosh.