Forum Discussion

Altostratus

Jul 16, 2023

it is possible to use floating ip to communication to internet

Hello, Hello I wold like to ask if is it is posible to do something like: I have application which is running on port 80&443, but I would like to use same IP used in virtual server for comunucati...

application delivery

devops

Paulius

MVP

Jul 16, 2023

Roman_ What I understand is that you have a server that is the source of communication and you want it to be able to reach out to the internet using the floating IP in an HA pair of F5 BIG-IP LTM? You can configure a forwarding virtual server and then apply an iRule to it that specifies specific sources and any destination outside of your network and then for it to SNAT from a snat pool, in that snat pool you configure the floating IP, and finally in the iRule you created you put in this snat pool IP for SNAT under the specific traffic that you defined. I believe something similar to the following would work for you when applied to your forwarding virtual server.

when CLIENT_ACCEPTED priority 500 {

    if { [class match [IP::addr [IP::client_addr] == CLASS-Source-IPs]] } {
        if { [class match [IP::addr [IP::remote_addr] contains CLASS-Internal-IPs]] } {
            forward
        } else {
            snatpool SNAT_FloatingIP
        }
    }

}

The CLASS labeled as CLASS-Source-IP should have the specific sources in question, the one labeled CLASS-Internal-IPs will have internal destinations that you would be reaching out to that you wouldn't want to SNAT the traffic, and finally the SNAT pool list labeled SNAT_FloatingIP would have the floating IP configured in it.

Roman_
Altostratus
Jul 17, 2023
Paulius thank you for your answer, but then what shoulbe be set as gateway or "proxy" on specific backend server to reach out internet? any pool or other virtual server with internal adress and port?
- Paulius
  MVP
  Jul 17, 2023
  Roman_ This is definitely assuming your F5 is in path and is the gateway out for the source IP device.
  - Roman_
    Altostratus
    Jul 17, 2023
    Paulius Unfortunettley no, for now it is just reverse proxing external facing application. I was assuming to create virtual server which will listen on internal(also floating) IP which will be called by backend application which need to connet to interent using specific public IP (yousing your suggestion with forward virtual server). But I dont know which profiles needs to be asigned to this server with internal IP.
    thank you again

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

it is possible to use floating ip to communication to internet

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

DevCentral Community Guidelines

DevCentral Community Ranking Explained

Community Highlights, Week 15 '23

Community Learning Path: Multi-Cloud Networking

Community Highlights, Week 48 '23

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS