Elias_O_16228
Mar 27, 2013

IP Forwarding Config for single server

I want to create incoming smtp traffic for a single server mail relay, no load balancing necessary.

The document I read states that you can IP forward directly to a node as the "destination IP address" in the Virtual Server config.

http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html

Option 1:

VS_MAIL_RELAY
Destination IP ---10.10.10.10 (node)
Source Port ---25 smtp

I don't want to use the node IP address; I would rather create a Virtual Server IP address which will forward to the node. Is this possible?

Option 2:

VS_MAIL-RELAY
Destination IP ---11.11.11.11 (Virtual Server IP) ----> Node IP address 10.10.10.10
Source Port ---25 smtp

Note: Outgoing mail traffic is taking a different path, so no return traffic is required.

3 Replies

  • If you don't want to load balance, then why don't you NAT the IP addresses instead of creating virtual addresses?

    Option-1: Use an IP address that is not routed to the LTM and NAT it with the node IP on your firewall itself

    Option-1: NAT on LTM (you should have a forwarding VIP configured to forward the SMTP traffic)

    Sample forwarding VIP to forward all traffic:

    virtual ForwardingVIP {
        ip forward
        destination any:any
        mask 0.0.0.0
        profiles fastL4{}
    }

    Still, if you wanted to get it through the LTM, then create a VS, Pool and the node as pool member like any traditional VS, and since you do not want the traffic to return, do not attach any SNAT configuration to it.

  • > Is this possible?

    Certainly. This is what a Standard or Performance (Layer 4) virtual server does. You assign the VIP an IP address and port, then configure a Pool with your destination IP/port. The LTM does the translation. Am I missing something?

  • Hi SMP,

    Sorry for the late response. I got caught up with a lot more pressing needs in office. The problem is that I don't want to create a pool. I wanted to just forward the traffic to node address without using the node address as the VS. For instance, node 10.10.10.10 could be natted on the firewall but this is not what I want. I want to static nat firewall to VS 11.11.11.11 and have this VS forward to the node 10.10.10.10. The reason for this is that I don't want to see 10.10.10.10 natted on the firewall.