Forum Discussion

hc_andy_35682's avatar
hc_andy_35682
Icon for Nimbostratus rankNimbostratus
Feb 09, 2010

iRule to mimic Cisco ACL for Forwarding VIP

Hi All,     Can somebody please help me write an iRule that will permit/deny the outside world from accessing the real servers behind the F5???     For example I have an inside_v...
application delivery
dev
devops
iRules
hc_andy_35682's avatar
hc_andy_35682
Icon for Nimbostratus rankNimbostratus
Feb 10, 2010
Hi Aaron,

 

 

Thanks for clearing that up.

 

 

I've been able to deploy the irule for forwading VIPS which are set to Service Port: All Ports; Type: Forwarding (IP); Protocol: All.

 

 

However, I am having trouble with the irule for VIPS set to answer on a specific port - eg: Service Port: 80; Type: Performance (L4); Protocol: TCP. When the irule is applied to this sort of VIP (eg: 210.15.254.x:80) the irule stops any incoming connection eventhough I am trying to access the VIP from an IP address in the trustedAddresses data group - not sure why this is happening when the irule is applied to a VIP that is port-specific????

 

 

I have copy/paste this irule to use.

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/AccessControlBasedOnIP.html

 

 

Thanks.

 

 

Andy