Forum Discussion
sb_2323_80570
Nimbostratus
NimbostratusiRule for port and pool redirection
Hi,
Apologies for asking a dumb questions, But I want to create an iRule that redirects based on the destination IP and port
eg when a connection comes in on 443 it hits pool 2000 + the destination IP
> 192.168.0.2:443 = pool2002 on tcp_2002
ad when a connection comes on 8443
> 192.168.0.2:8443 = pool2002 on tcp_3002
The first part of the iRule seems to work but its second part that is failing
when CLIENT_ACCEPTED {
if {[TCP::local_port] == 443}
{
set pool_id [expr {[lindex [split [IP::local_addr] "."] 3] + 2000}]
log local0. "Selecting pool by TCP listener: $pool_id"
pool "pool$pool_id"}
elseif
{[TCP::local_port] == 8443}
{
set pool_id [expr {[lindex [split [IP::local_addr] "."] 3] + 2000}]
set pool_id [expr {[lindex [split [IP::local_addr] "."] 3] + 3000}]
log local0. "Selecting pool by TCP listener: $pool_id"
pool "pool$pool_id:$port}
}
Any help would be greatly appreciated
- The_BhattmanHi,
On the second part it looks like you are overriding the pool_id by the second set statement and also I don't see $port variable defined.
What kind of error are you getting?
Bhattman 
sb_2323_80570sorry a typo,
Should be
set pool_id [expr {[lindex [split [IP::local_addr] "."] 3] + 2000}]
setport [expr {[lindex [split [IP::local_addr] "."] 3] + 3000}]
log local0. "Selecting pool by TCP listener: $pool_id"
pool pool$pool_id:$port}
I dont see any issues on the logs but I don't see any attempt at the server- The_BhattmanI think the problem is with the following statement
Pool command is the following
pool
pool [member []]
When you use pool along with a port it's more or less the following example:
pool pool2002 member 192.168.0.1 3002
Bhattman - sb_2323_80570Thanks for that, Do I have to specify the pool member as I don't want to send all traffic to one server but balance across the pool
L4L7_53191You do not have to specify a pool member - the name alone will hand it off to the pool LB method to distribute according to your setup.
-Matt- The_BhattmanCorrect. As long as your pool is listening on the port you want, in your case 3002 then you don't need to have the extra parameters.
Bhattman 
hoolioCirrostratus
If you haven't already figured out how to do what you want, could you clarify it a bit?
Are you're trying to allow LTM to select the pool member, but hard code the destination IP address? If so you could create a pool for each destination port you want LTM to connect to. Or you could use a single pool, allow LTM to select the pool member and then rewrite the destination port. I'm not sure which solution you're aiming for.
Thanks,
Aaron- sb_2323_80570Hi,
Im trying to use the same pool and redirect to a different tcp port, It works fine if I create a different pool and listener but im trying to keep the amount of objects created to a minimum,
Cheers - sb_2323_80570Sorry, I should have expanded a bit of what im trying to achieve
client >> network wildcard vserver >> poolxxx based on the port and IP address of the vserver.
eg
client >> 192.168.0.1:443 >> pool101:2001
client >> 293.268.2.:8443 >> pool101:3001
cheers - hoolioI think that's clearer now. So you can force a load balancing selection in CLIENT_ACCEPTED and then rewrite the port to the one you've calculated. I'm not sure whether you can use the pool command if the IP:port you're specifying isn't defined as a pool member. So give this a try and if it doesn't work, try changing the pool command to node :
when CLIENT_ACCEPTED { log local0. "[IP::client_addr]:[TCP::client_port]: New connection to [IP::local_addr]:[TCP::local_port]" Calculate destination port based on destination port and IP address switch [TCP::local_port] { 443 { set port [expr {[getfield [IP::local_addr] "." 4] + 2000}] } 8443 { set port [expr {[getfield [IP::local_addr] "." 4] + 3000}] } default { Take some default action? For now, set this to some arbitrary value If this should be the same value as 443 requests, you could remove the 443 case and just use this default to catch it set port [expr {[getfield [IP::local_addr] "." 4] + 2000}] } } log local0. "[IP::client_addr]:[TCP::client_port]: Selecting pool by TCP listener: $port" Force a load balancing selection set pool_selection [LB::select] log local0. "[IP::client_addr]:[TCP::client_port]: LB selection: $pool_selection" Replace the selected pool member port with the calculated port And use eval to make the load balancing selection eval [lreplace $pool_selection 4 4 $port] Or without the intermediate variables: eval [lreplace [LB::select] 4 4 $port] log local0. "[IP::client_addr]:[TCP::client_port]: Using [lreplace $pool_selection 4 4 $port]" } when SERVER_CONNECTED { Debug logging. Remove/comment out this event when done testing log local0. "[IP::client_addr]:[TCP::client_port]: Connected to [IP::server_addr]:[TCP::server_port]" }
Aaron
