Forum Discussion
NimbostratusNew to iRules and trying to get port translation to work
I have a website that is HTTP, a VIP built on HTTP with the following iRule: when HTTP_REQUEST { set host [string tolower [HTTP::host]] if { $host eq "solidwaste.dev.mesaaz.gov"} { pool solidwaste.dev.mesaaz.gov } elseif { $host contains "swfm1.mesaaz.gov"} { HTTP::header replace Host "[HTTP::header Host]:57070" pool swfm1.mesaaz.gov } elseif { $host contains "swfm2.mesaaz.gov"} { HTTP::header replace Host "[HTTP::header Host]:58080" pool swfm2.mesaaz.gov } } The 1st redirect to a pool works as it is port 80 but the swfm1 & swfm2 are redirects to pools with nodes on other ports. This does not seem to work for me, the packets seem to fall right through and I get HTTP 404 errors. I do have port translation enabled on the VIP. Any suggestions?
6 Replies
Michael_JenkinsCirrostratus
On your back end servers, are you checking for specific host headers to route the traffic? I don't think the host header is designed to include the port number. Within your pool, it should send the request to whatever port is specified. Updated code below that may help (and I find the switch command a little cleaner, so I changed the if to switch):
when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::host]] { "solidwaste.dev.mesaaz.gov" { pool solidwaste.dev.mesaaz.gov } "*swfm1.mesaaz.gov*" { pool swfm1.mesaaz.gov } "*swfm2.mesaaz.gov*"{ pool swfm2.mesaaz.gov } } }
Eddie_27920Thanks, I'll give this a try. To answer your question this is the actual url that should take me to the back end server on port 57070 http://swfm1.dev.mesaaz.gov/fm_http/
See the customer enters this from the Internet in their browser then hits the VIP solidwaste.mesaaz.gov within that VIP is the iRule so basically all 3 url's go to the same VIP but have different pools to be directed to. Hope that helps.
- Eddie_27920Nope, didn't work. Same results.
- Michael_JenkinsYea. the connection to the back end server will go on whatever port you specify on the pool member. So, you're assigning pools based on host names, and those pools are telling the F5 to connect to the specific port on the node. The user will still use the same url as normal.
- Eddie_27920
The members in the pools specify the port required for the back end application. But I think the packet is leaving the iRule still on port 80 and then the pool won't allow port 80 only 57070 so it fails. Thats my issue. When redirecting to the pool I needed to specify changing the packet port to the new one. I'm going to talk to the Web guys and see what the app is expecting.
- Michael_Jenkins
I've got a virtual server set up like this in my environment, where the client comes in on port 80 (http) but the backend connection is on a different port (we'll say 55555). I have no special setup, and it works for me... My config is similar to the following...
ltm pool MY_POOL { load-balancing-mode least-connections-member members { 10.0.0.1:55555 { address 10.0.0.1 session monitor-enabled state up } } monitor MY_TCP_MONITOR } ltm virtual MY_VS { destination 192.168.10.10:http ip-protocol tcp mask 255.255.255.255 pool MY_POOL profiles { http { } tcp { } } source 0.0.0.0/0 source-address-translation { type automap } }Also, if you turn off the port translation, does it work for you?
