For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ecce_297791's avatar
ecce_297791
Icon for Altocumulus rankAltocumulus
Dec 04, 2017

Multiple wildcard listners on different interfaces

Hello, Is it allowed to have two (or more) ip-forward virtual servers listening on any source, any dst and any port - but bound to different VLANs? The reason I ask is because in a tcpdump I some...
application delivery
LTM
Leonardo_Souza's avatar
Leonardo_Souza
Icon for Cirrocumulus rankCirrocumulus
Dec 04, 2017

Firstly, the first 2 packets belong to one TCP connection and the last 2 to another TCP connection. Because the ports are different.

Change your filter to:

tcpdump -nni 0.0 'host 10.3.120.5 and host 10.2.120.31 and tcp port 135'

You will get all traffic.

So, yes you can have multiple forward virtual servers. For virtual servers, the VLAN enabled should be where the traffic arrives. The return traffic is allowed back. The problem is that in your example, the other packet comes in a new TCP connection, so is handled by the other virtual server that is enabled in that VLAN.

Also, is normal to see 2 packets, because of the forward virtual server. TCP handshake is between endpoints, one packet is in and one is out.

I guess you just did not capture the return traffic, or web server is not routing correctly.

See this solution for more information:

https://support.f5.com/csp/article/K8082