Forum Discussion
superuser_22978
Nimbostratus
Nimbostratusirule for range of ports and a few specific ports
Hi Guys..I have request to open up ports from 56000 to 57000 and 3389,10520,10521. I have the irule as below is not working. Connections are getting refused. Please suggest.
when CLIENT_ACCEPTED...
Brad_Parker_139
Nacreous
NacreousLooks like just a little syntax issues. Try this.
when CLIENT_ACCEPTED {
if { (([TCP::local_port] >= 56000) && ([TCP::local_port] <= 57000)) || ([TCP::local_port] == 3389) || ([TCP::local_port] == 10520) || ([TCP::local_port] == 10521) } {
pool qa_pool
}
else {
reject
}
}
R_Marc_77962that will work, but if you have multiple backend pools for different ports, a switch statement is probably the way to go (it's also more readable, in my opinion) switch [TCP::local_port] { "80" {pool server-80-tcp-pool} "444" {pool server-444-tcp-pool} "443" { if { [class match [IP::client_addr] equals service_client_ip_list] }{ log local0. "Requested from service IP: [IP::client_addr] sending to server-443-tcp-service-pool" pool server-443-tcp-service-pool } else { pool server-443-tcp-pool } } "30200" {pool server-30200-tcp-pool} "30201" {pool server-30201-tcp-pool} "30202" { if {[class match [IP::client_addr] equals service_client_ip_list] }{ log local0. "Requested from IP: [IP::client_addr] send to server-30202-tcp-service-pool" pool server-30202-tcp-service-pool } else { pool server-30202-tcp-pool } } "30203" {pool server-30203-tcp-pool} "30204" {pool server-30204-tcp-pool} "30205" {pool server-30205-tcp-pool} default {discard} }- Brad_Parker_139That's true. It's also arguably true that it's cleaner to do it with multiple VS and pools. &128512;
superuser_22978Thank you Brad..But When I used the above rule you suggested, when I do testing virtual server is accepting the telnet on all ports(not only on 3389, 10520, 10521 and 56000 - 57000). Virtual server is not rejecting the connections on different ports other than the ports mentioned in Irule.
