Forum Discussion
IP/Port Forwarding on LTM 11.3
Hi,
I've been thrown into the deep end of F5s and searched high and low for answers to no avail. Basically, I want to port forward from an origin IP/Port to a pool of Exchange CAS servers. Things I've done so far:
* Created a SNAT pool with the IPs of the two CAS boxes listening on port 25, created a VIP to listen on port 2525.
The network traffic flow is as follows:
203.x.x.x:25 --> FW NAT --> SMTP gateway 10.1.2.x:2525 --> Exchange CAS VIP 10.1.2.x:25
I've also got LAN traffic pointing to 10.1.2.x for Exchange CAS traffic from Outlook clients internally (RPC) but I guess this is irrelevant for my solution as they are on different VIPs.
I can get the LTM to listen on port 2525 and I can telnet to it from the SMTP gateway but it won't forward to the CAS pool.
Maybe an iRule or template?
Thanks for any help in advance.
6 Replies
- nitass
Employee
> I can get the LTM to listen on port 2525 and I can telnet to it from the SMTP gateway but it won't forward to the CAS pool.
Have you tried snat automap under the exchange CAS virtual server setting?
Can you post the CAS virtual server configuration?
tmsh list ltm virtual (name)
tmsh list ltm pool (name)
- Tim_F_122241
Nimbostratus
> have you tried snat automap under the exchange CAS virtual server setting?
No. Where do I find that?
tmsh list ltm virtual:
ltm virtual mla-exchange_MM_Receive {
    destination 10.1.2.x:smtp
    ip-forward
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-port change
    translate-address disabled
    translate-port disabled
    vlans-disabled
}
tmsh list ltm pool
ltm pool Pool_Forward_2525_to_25_Exchang {
    load-balancing-mode least-connections-member
    members {
        10.1.2.x:smtp {
            address 10.1.2.x
        }
        10.1.2.x:smtp {
            address 10.1.2.x
        }
    }
}
- nitass
Employee
can you change virtual server type from forwarding (ip) to either standard or performance (layer 4)?
snat setting is named "source address translation" under virtual server configuration. set it to "auto map".
- Tim_F_122241
Nimbostratus
OK, tried both of those and now I can't telnet on port 2525.
Service state : Unknown (Enabled) - The children pool member(s) either don't have service checking enabled, or service check results are not available yet
- nitass
Employee
> ltm virtual mla-exchange_MM_Receive {
> destination 10.1.2.x:smtp
Virtual server port should be 2525 (rather than 25), shouldn't it?
> Service state : Unknown (Enabled) - The children pool member(s) either don't have service checking enabled, or service check results are not available yet
That is fine. bigip just sends traffic to pool right away (without checking).
- Tim_F_122241
Nimbostratus
OK, think I got it.
I changed the resources on the Virtual Server as per the attached.
I can telnet to the VIP on 2525 and it is forwarding to port 25 where I can helo to our CAS boxes.
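Added example, not part of the thread and not F5 code: a small Python check that parses a `tmsh list ltm virtual` stanza and lists the settings the replies identified as blocking the 2525-to-25 forward. The `SUGGESTED` stanza is constructed from nitass's suggestions and is an assumption, since the poster's final configuration was only shown as an attachment.

```python
# Virtual server as posted in the thread (abridged; 10.1.2.x is the thread's own masking).
POSTED = """ltm virtual mla-exchange_MM_Receive {
    destination 10.1.2.x:smtp
    ip-forward
    translate-address disabled
    translate-port disabled
}"""
# Constructed stanza applying the replies' suggestions (assumption: not the poster's final config).
SUGGESTED = """ltm virtual mla-exchange_MM_Receive {
    destination 10.1.2.x:2525
    pool Pool_Forward_2525_to_25_Exchang
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
}"""
SERVICE_PORTS = {"smtp": 25}  # tmsh prints well-known ports by service name

def parse_virtual(text):
    """Flatten one tmsh stanza into {'key': value}; nested blocks become 'block.key'."""
    props, path = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        elif line:
            key, _, value = line.partition(" ")
            props[".".join(path[1:] + [key])] = value or True
    return props

def forwarding_issues(props, client_port):
    """List why a connection to client_port would not be load balanced to the pool."""
    port = props["destination"].rsplit(":", 1)[1]
    checks = [
        ((SERVICE_PORTS.get(port) or int(port)) != client_port,
         "virtual server does not listen on the port the gateway connects to"),
        (props.get("ip-forward") is True, "forwarding (IP) type does not use a pool"),
        ("pool" not in props, "no pool attached"),
        (props.get("translate-port") == "disabled",
         "port translation disabled: 2525 is not rewritten to the members' port 25"),
        (props.get("source-address-translation.type") != "automap",
         "source address translation is not set to auto map"),
    ]
    return [message for failed, message in checks if failed]

if __name__ == "__main__":
    for name, stanza in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(name, forwarding_issues(parse_virtual(stanza), client_port=2525))
```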