Forum Discussion

Lior_54850
May 19, 2012

Internal servers accessing the web

Hello all,

I'm fairly new to F5s and I've hit a bit of a wall. I have a fairly simple setup of 2 web servers behind 1 3400 LTM load balancer (running 9.4.5). I'm trying to get my 2 web servers on a private network to use my F5 as a gateway to access the internet. Seems like a rather straightforward requirement. You want your web servers to be able to do NTP, WGET, YUM, etc.

So the obvious approach is to try and do some sort of NAT, so I went ahead and created a SNAT. This solved my issue but generated a new one. Basically all calls from my web servers were automatically NAT'd to my NAT address. Which makes sense, but internally I need them to keep their private IP addresses. I have services (such as glusterfs) that require a distinct IP address.

All I want is if traffic is staying on my internal network to not do SNAT and if the traffic needs to head out via the external network then to do a SNAT. Or anything that basically allows me to access the web and still have a private IP address internally.

FYI: I also tried SNAT with disabled on internal VLAN, but that removes the capability of going to the web.

Thanks for any help,

Lior

P.S.: LTM => PUBLIC IP and 192.168.3.1 (private IP)

Web 1 => 192.168.3.100 -> uses 192.168.3.1 as gateway

Web 2 => 192.168.3.101 -> uses 192.168.3.1 as gateway

  • Hey All,

    I just wanted to give you an update on the issue. I did some digging and found a way of using an iRule to accomplish the required effect. On my catch-all forward VIP I added the following iRule:

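    when LB_SELECTED {
      # Address that outbound connections are translated to
      set public_ip 192.168.1.176

      # Client on 192.168.3.0/24 and destination (IP::local_addr) outside 192.168.0.0/16
      if { [IP::addr [IP::client_addr] equals 192.168.3.0/24]
          && not [IP::addr [IP::local_addr] equals 192.168.0.0/16]} {

        snat $public_ip
      } elseif { [IP::addr [IP::client_addr] equals 192.168.4.0/24]
          && not [IP::addr [IP::local_addr] equals 192.168.0.0/16]} {

        # Same rule for clients on 192.168.4.0/24
        snat $public_ip
      } else {
        # Anything else is forwarded without SNAT from this iRule
        forward
      }
    }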

    Thanks
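
The decision the iRule above makes, modelled in Python as an added example (not part of the original post and not F5 code), so the rule can be checked against a table of flows before it goes on the forwarding VIP. The sample flows and function names are constructed; the networks and the SNAT address are the ones in the iRule.

```python
import ipaddress

# Networks and SNAT address copied from the iRule in the post above.
SNAT_SOURCES = [ipaddress.ip_network("192.168.3.0/24"),
                ipaddress.ip_network("192.168.4.0/24")]
INTERNAL_DESTS = ipaddress.ip_network("192.168.0.0/16")
SNAT_ADDR = "192.168.1.176"


def decide(client, dest):
    """Return (action, source address the destination sees) for one flow."""
    src = ipaddress.ip_address(client)
    dst = ipaddress.ip_address(dest)
    from_listed_net = any(src in net for net in SNAT_SOURCES)
    # SNAT only when a listed source talks to something outside 192.168.0.0/16.
    if from_listed_net and dst not in INTERNAL_DESTS:
        return ("snat", SNAT_ADDR)
    # Everything else falls through to the iRule's "forward" branch.
    return ("forward", client)


# Constructed sample flows (hypothetical, not taken from the post).
SAMPLE_FLOWS = [
    ("192.168.3.100", "192.168.3.101"),  # web1 -> web2, e.g. glusterfs
    ("192.168.3.100", "203.0.113.10"),   # web1 -> external host
    ("192.168.4.20", "198.51.100.7"),    # second listed subnet -> external host
    ("192.168.3.101", "192.168.1.50"),   # inside the /16, outside both /24s
    ("192.168.5.9", "203.0.113.10"),     # source not listed in the iRule
]


def evaluate(flows):
    """Apply decide() to each (client, dest) pair."""
    return [(c, d) + decide(c, d) for c, d in flows]


if __name__ == "__main__":
    for client, dest, action, seen_as in evaluate(SAMPLE_FLOWS):
        print(f"{client:>15} -> {dest:<15} {action:<8} seen as {seen_as}")
```

The last two rows are the ones to review: any destination in 192.168.0.0/16 is treated as internal, and a source outside the two listed subnets is forwarded with its private address unchanged.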