For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tom_K's avatar
Tom_K
Icon for Nimbostratus rankNimbostratus
Oct 12, 2017

need to see source IP when using SNAT for ssh connections

Hello, is there any way to pass along the source IP address to a load balanced ssh server when you need to use SNAT ?  
application delivery
LTM
Kevin_Davies's avatar
Kevin_Davies
Icon for Nacreous rankNacreous
Oct 13, 2017

If you add this iRule to your SSH virtual server...

when LB_SELECTED {
  log local0.info [LB::server addr] "Client [IP::client_addr] connected to [LB::server addr]"
}

Then on your SSH servers allow incoming syslog from the F5 and update your syslog configuration file /etc/syslogd.conf by adding the following line. This will send incoming logs from the iRule to the same log file that logs SSH authentication in Ubuntu at least. The actual file will vary depending on OS.

local0.info       /var/log/auth.log

So everytime someone uses SSH to your virtual server they will get two log entries in auth.log on the linux system. One with the connection details showing the original IP address and another showing the login from the local SSH daemon.

Related Content