Forum Discussion

msmith_64485's avatar
msmith_64485
Icon for Nimbostratus rankNimbostratus
Jan 25, 2010

IP to FQDN

Looking for an irule that will replace the IP address of outgoing traffic with the FQDN. Issue is external server does not have a valid PTR record to allow resolution. Owner of this server does not ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 26, 2010
Was the request successful? Was there anything in the curl output after the SSL handshake completed? For reference, below is a complete request to https://mail.google.com.

 

 

I notice you're making the request to a non-standard port (1234). Do you have the same port configured for the LTM pool member(s)? Is the pool member marked up by an HTTPS monitor?

 

 

If so, what happens when a client makes an HTTP request to the VIP? Do you see a request to the pool member go out? You can use tcpdump to check this (tcpdump -ni 0.0 host 1.1.1.1 and port 1234).

 

 

Aaron

 

 

$ curl -vk https://mail.google.com

 

* About to connect() to mail.google.com port 443 (0)

 

* Trying 209.85.229.83... connected

 

* Connected to mail.google.com (209.85.229.83) port 443 (0)

 

* successfully set certificate verify locations:

 

* CAfile: none

 

CApath: /usr/ssl/certs

 

* SSLv3, TLS handshake, Client hello (1):

 

* SSLv3, TLS handshake, Server hello (2):

 

* SSLv3, TLS handshake, CERT (11):

 

* SSLv3, TLS handshake, Server finished (14):

 

* SSLv3, TLS handshake, Client key exchange (16):

 

* SSLv3, TLS change cipher, Client hello (1):

 

* SSLv3, TLS handshake, Finished (20):

 

* SSLv3, TLS change cipher, Client hello (1):

 

* SSLv3, TLS handshake, Finished (20):

 

* SSL connection using AES256-SHA

 

* Server certificate:

 

* subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=mail.google.com

 

* start date: 2009-12-18 00:00:00 GMT

 

* expire date: 2011-12-18 23:59:59 GMT

 

* common name: mail.google.com (matched)

 

* issuer: C=ZA; O=Thawte Consulting (Pty) Ltd.; CN=Thawte SGC CA

 

* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.

 

> GET / HTTP/1.1

 

> User-Agent: curl/7.19.6 (i686-pc-cygwin) libcurl/7.19.6 OpenSSL/0.9.8l zlib/1.2.3 libidn/1.15 libssh2/1.2

 

> Host: mail.google.com

 

> Accept: */*

 

>

 

< HTTP/1.1 200 OK

 

< Cache-Control: public, max-age=604800

 

< Expires: Tue, 02 Feb 2010 17:45:59 GMT

 

< Date: Tue, 26 Jan 2010 17:45:59 GMT

 

< Refresh: 0;URL=https://mail.google.com/mail/

 

< Content-Type: text/html; charset=ISO-8859-1

 

< X-Content-Type-Options: nosniff

 

< X-XSS-Protection: 0

 

< X-Frame-Options: SAMEORIGIN

 

< Content-Length: 234

 

< Server: GFE/2.0

 

<