Forum Discussion

Lior_54850
May 19, 2012

Internal servers accessing the web

Hello all,



I'm fairly new to F5s and I've hit a bit of a wall. I have a fairly simple setup of 2 web servers behind 1 3400 LTM load balancer (running 9.4.5). I'm trying to get my 2 web servers on a private network to use my F5 as a gateway to access the internet. Seems like a rather straightforward requirement. You want your web servers to be able to do NTP, WGET, YUM, etc.




So the obvious approach is to try and do some sort of NAT, so I went ahead and created a SNAT. This solved my issue but generated a new one. Basically all calls from my web servers were automatically NAT'd to my NAT address, which makes sense, but internally I need them to keep their private IP addresses. I have services (such as glusterfs) that require a distinct IP address.




All I want is, if traffic is staying on my internal network, to not do SNAT, and if the traffic needs to head out via the external network, then to do a SNAT. Or anything that basically allows me to access the web and still have a private IP address internally.




FYI: I also tried SNAT with it disabled on the internal VLAN, but that removes the capability of going to the web.






Thanks for any help,








P.S.: LTM => PUBLIC IP and (private IP)


Web 1 => -> uses as gateway


Web 2 => -> uses as gateway


2 Replies

  • Hey All,

    I just wanted to give you an update on the issue. I did some digging and found a way of using an iRule to accomplish the required effect. On my catch-all forward VIP I added the following iRule:

    when LB_SELECTED { 
      set public_ip  
      if { [IP::addr [IP::client_addr] equals]  
          && not [IP::addr [IP::local_addr] equals]} {
        snat $public_ip
      } elseif { [IP::addr [IP::client_addr] equals]  
          && not [IP::addr [IP::local_addr] equals]} {
        snat $public_ip
      } else {