For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

CK_Then_103583's avatar
CK_Then_103583
Icon for Nimbostratus rankNimbostratus
Jun 13, 2014

iRule for port translation of single public IP address to multiple real server IP

Hi,   Need help on iRule to port translate a single public address to multiple real server private IP.   Example. 1.1.1.1:15001 --> 192.168.1.1:80 (if the connection is HTTP) --...
application delivery
devops
iRules
LTM
Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous
Jun 13, 2014

Create server and client SSL profiles. Turn on the advanced option on the client SSL profile "Non-SSL Connections".

when HTTP_REQUEST { 

   only need to set it on first http request
  if {[info exists connect_pool]} { return }

   are we using SSL?
  set connect_type "http"
  if {!([catch {SSL::cipher version} result]) && $result ne  "none" } { set connect_type "https" }
  if {[class match $connect_type:[TCP::local_port] equals myclass]} {
    set connect_pool [class match -value $connect_type:[TCP::local_port] equals myclass]
    log local0. "Pool selected for [IP::local_addr]:[TCP::local_port] was $connect_pool"
  } else {
    log local0. "Configuration not found for [IP::local_addr]:[TCP::local_port]. Connection rejected."
    reject
  }
  pool $connect_pool
  if {$connect_pool ends_with "80" } { SSL::disable }
}

Create the class myclass...

Name           Value
http:15001     pool_1.1_443
https:15001    pool_1.1_80

Then have the pools...

pool_1.1_443 has member 192.168.1.1:443
pool_1.1_80 has member 192.168.1.1:80

Create virtual 1.1.1.1:* Attach SSL profiles and iRule