For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Royal_131741's avatar
Royal_131741
Icon for Nimbostratus rankNimbostratus
Aug 16, 2013

iRule for port forwarding ssh to port 2222 on Pool

Hi, hope anybody can help 🙂 I have two LBs (activ/activ) and two Server in the Pool called RealSERVER, which are load balanced with lc. On the two Real Server i have two sshd, which are listen...
application delivery
devops
iRules
RoutingLoop_179's avatar
RoutingLoop_179
Icon for Cirrus rankCirrus
Aug 16, 2013

The LTM config (I used a IP forwarding VS to listen on the VIP as the irule specifies the pool and a pool configured with members using port 2222 - seems like F5 recognises 2222 as rockwell-csp2 😞

    ltm pool ssh_server_pool {
    description "2222 backend port"
    members {
        DNS1:rockwell-csp2 {
            address 192.168.101.11
        }
        DNS2:rockwell-csp2 {
            address 192.168.101.12
        }
    }
}


ltm virtual ssh_test {
    description ssh_test
    destination 86.189.0.240:any
    ip-forward
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        fastL4 { }
    }
    rules {
        ssh_test
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vs-index 11
}

log and connection entries:

(cfg-sync Changes Pending)(Active)(/Common)(tmos.ltm) show /sys conn cs-client-addr 10.12.13.3
    Sys::Connections
    10.12.13.3:56841  86.189.0.240:22  10.12.13.3:56841  192.168.101.11:2222  tcp  3  (tmm: 1)  none
Aug 16 11:47:06 bnvf5wl001 info tmm[11396]: 01220002:6: Rule /Common/ssh_test : ssh_server_pool with members 192.168.101.11:2222 192.168.101.12:2222 - using source address persistence
Aug 16 11:47:06 bnvf5wl001 info tmm[11396]: 01220002:6: Rule /Common/ssh_test : localport: 22
Aug 16 11:47:06 bnvf5wl001 info tmm[11396]: 01220002:6: Rule /Common/ssh_test : serverport: 2222

Hope it helps, Adrian.