
toshi_01_132399
Aug 30, 2013

mysql ip access control

I would like to do IP access control by using an iRule. However, I failed in the following way.

pool-allowhost-01 holds some MySQL servers.

when CLIENT_ACCEPTED {
    if { [IP::addr [IP::remote_addr] equals 192.168.1.0/24] } {
         pool pool-allowhost-01
    } else {
         reject
    }
}

The allowed host cannot access the pooled MySQL.

[localhost ~]$  mysql -u user -ppass -h lbaddr
Warning: Using a password on the command line interface can be insecure.

It just hangs there.

21 Replies

  • I think the original iRule below is okay.

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::remote_addr] equals 192.168.1.0/24] } {
             pool pool-allowhost-01
        } else {
             reject
        }
    }
    

    Could you add a log command to the iRule, something like what Kevin suggested? Also, I think it would be helpful if you could run tcpdump on the BIG-IP.

    e.g.

     tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host 192.168.1.30 or host 192.168.1.50 or host 192.168.1.51 or host 192.168.1.52
    

    And can you post the virtual server, pool and SNAT pool configuration here?

     tmsh list ltm virtual (virtual server name)
     tmsh list ltm pool (pool name)
     tmsh list ltm snatpool (snatpool name)
    

    Just my 2 cents.

    • toshi_01_132399
      Thank you. I will try it on the basis of everyone's information.
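The reply above asks for log statements to be added to the iRule. As an added example (not code from the original poster or from F5), this is the same allow-list iRule with logging at each stage of the connection so that /var/log/ltm shows where an allowed client's connection stalls. It keeps the thread's pool name pool-allowhost-01 and the 192.168.1.0/24 range; the log message wording is illustrative.

```tcl
# Added example, not from the original post.
# Assumes: pool pool-allowhost-01 holds the MySQL servers and 192.168.1.0/24
# is the only allowed client range (both taken from the thread).
when CLIENT_ACCEPTED {
    # Connection-scoped variable, reused by the later events below.
    set client "[IP::client_addr]:[TCP::client_port]"

    if { [IP::addr [IP::client_addr] equals 192.168.1.0/24] } {
        log local0. "allow $client -> [virtual name], pool pool-allowhost-01"
        pool pool-allowhost-01
    } else {
        # reject sends a TCP RST to the client; "drop" would discard silently.
        log local0. "reject $client -> [virtual name]"
        reject
    }
}

# Which pool member the load balancer chose for the allowed client.
when LB_SELECTED {
    log local0. "$client -> selected member [LB::server addr]:[LB::server port]"
}

# No member could be selected (for example, every member is down).
when LB_FAILED {
    log local0. "$client -> LB_FAILED for pool pool-allowhost-01"
}

# Server-side view: the source address the MySQL server actually sees.
# With SNAT this is a BIG-IP address, not the client's, so the MySQL
# user@host grant must permit that address or the login will fail.
when SERVER_CONNECTED {
    log local0. "$client -> connected to [IP::server_addr]:[TCP::server_port] from [IP::local_addr]:[TCP::local_port]"
}
```

After attaching the iRule to the virtual server, run `tail -f /var/log/ltm` while repeating the mysql client command. No "allow" line means the SYN never reached the virtual server (the tcpdump from the reply will confirm that); an "allow" line with no LB_SELECTED or SERVER_CONNECTED line points at the pool or its monitors; a SERVER_CONNECTED line followed by a hang points at the MySQL server itself, typically because the host in the user grant does not match the source address logged there.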