Forum Discussion
Liquid_22_54866
Nimbostratus
NimbostratusLoad Balancing Question
Hi All,
The company I work for recently inherited a F5-BIG-LTM-1500 v.9.1.2. We do have a support contract but I thought I would ask this question here first as we are having issues in getting o...
DDreggors_21345Nimbostratus
NimbostratusI suspect you have SNAT Automap or default SNAT configured and you are unaware of it. When the servers and VS are on the same subnet a SNAT is required, unless like in your case, the default gateway of the servers is the LTM.
Nope, I am painfully aware of *ALL* the SNAT options as I have been in many phone calls with F5 and read much documentation. I have the following set:
Under Virtual Servers:
SNAT Pool [none] (no automap)
Under Pools (node pools):
Allow SNAT [NO]
Under SNAT:
SNAL List [Empty]
SNAT Pool List [Empty]
SNAT Translation [Empty]
NAT List [Empty]
As it turns out I have corrected the issue. Right under the drop down for "Allow SNAT" in Pools was another option to allow NAT (which is not SNAT). Once I turned that off the IPs started showing up right in the logs!
Also, in answer to jamesh:
If you can't turn off SNAT you may want to check out Soluiton 4816 (https://tech.f5.com/home/solutions/sol4816.html) on AskF5. It maps out how to X-Forwarded-For HTTP to keep the orginal IP address from being translated by a SNAT.
Cannot use headers that are added in as a cutstom tag for a few reasons but one of the main ones is securtity. Custom Tag X-Forwarded-For can be spoofed.
