matus_c_59161
Dec 21, 2011 (Nimbostratus)
node with dynamic IP
Hello guys,
We're trying to add a node that has a dynamic IP to the LTM virtual server pool.
The goal is to forward the outbound traffic to the internet via the LTM to a host that has a dynamic IP.
For better understanding:
source (DMZ) ----> LTM VIP -- source NAT --> dynamic IP pool member
How can we manage the LTM to forward source-NATted traffic to the FQDN instead of to the fixed IP?
thanks
Matt
5 Replies
- "how can we manage the LTM to forward source natted traffic to the FQDN instead to the fixed IP?"

  I think we can use RESOLV::lookup to resolve the FQDN to an IP address and then use the node command to send traffic to it.
- e.g.
```
[root@ve1023:Active] config b virtual bar list
virtual bar {
   snat automap
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}

[root@ve1023:Active] config b rule myrule list
rule myrule {
   when HTTP_REQUEST {
      set dest [RESOLV::lookup @8.8.8.8 -a "www.google.com"]
      log local0. "\[RESOLV::lookup @8.8.8.8 -a \"www.google.com\"\]: $dest"
      log local0. "\[getfield $dest \" \" 1\]: [getfield $dest " " 1]"
      node [getfield $dest " " 1] 80
   }
   when HTTP_RESPONSE {
      log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::remote_addr]:[TCP::remote_port]"
   }
}

[root@ve1023:Active] config curl -I http://172.28.19.79
HTTP/1.1 200 OK
Date: Thu, 22 Dec 2011 06:20:00 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked

[root@ve1023:Active] config
Dec 21 22:25:07 local/tmm info tmm[26866]: Rule myrule : [RESOLV::lookup @8.8.8.8 -a "www.google.com"]: 74.125.235.19 74.125.235.16 74.125.235.18 74.125.235.17 74.125.235.20
Dec 21 22:25:07 local/tmm info tmm[26866]: Rule myrule : [getfield 74.125.235.19 74.125.235.16 74.125.235.18 74.125.235.17 74.125.235.20 " " 1]: 74.125.235.19
Dec 21 22:25:07 local/tmm info tmm[26866]: Rule myrule : 172.28.19.80:58281 -> 74.125.235.19:80
```
- Very cool usage of RESOLV::lookup. Tagging for 20LoL. ;)
- Hey nitass,
- You can use lindex to get the first list element:
From: https://devcentral.f5.com/wiki/iRules.resolv__lookup.ashx

Select the first returned IP address as the destination IP (inherits the destination port from the client's destination port).

```tcl
when RULE_INIT {
   set static::dns_vs my_dns_vs
}
when CLIENT_ACCEPTED {
   # Get IP(s) for hostname www.example.com against 4.2.2.1 name server
   set ips [RESOLV::lookup @$static::dns_vs -a "www.example.com"]

   # Log result. If there are multiple IP's it could be a TCL list like {1.1.1.1 2.2.2.2 3.3.3.3}.
   log local0. "Looked up www.example.com and found $ips, parsed first element: [lindex $ips 0]"

   # Check if the first list element was empty
   if {$ips eq ""} {
      # Input wasn't an IP address, take some default action?
   } else {
      # Select the IP
      node [lindex $ips 0]
   }
}
```
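A variant of the iRules posted above, as an added example that is not part of the thread: it caches the resolved address in a session table so that not every connection triggers a DNS query, and it rejects the connection when the lookup returns nothing that parses as an IP address. The host name, resolver address, subtable name and cache lifetime are assumed placeholders.

```tcl
# Added example. Assumed values (not from the thread): member.example.com,
# resolver 192.0.2.53, subtable "fqdn_cache", 30-second cache lifetime.
when RULE_INIT {
   set static::fqdn "member.example.com"
   set static::resolver "192.0.2.53"
   set static::cache_secs 30
}
when CLIENT_ACCEPTED {
   # Reuse a recent answer if one is cached; -notouch keeps the lookup
   # from extending the entry's timeout.
   set ip [table lookup -notouch -subtable fqdn_cache $static::fqdn]

   if { $ip eq "" } {
      # RESOLV::lookup returns a Tcl list of addresses, or an empty string.
      set ips [RESOLV::lookup @$static::resolver -a $static::fqdn]
      set ip [lindex $ips 0]

      # Fail closed: accept the answer only if it parses as an IP address.
      # IP::addr raises an error on input that is not an address.
      if { $ip eq "" || [catch { IP::addr $ip mask 255.255.255.255 }] } {
         log local0. "No usable A record for $static::fqdn (got '$ips'), rejecting [IP::client_addr]"
         reject
         return
      }

      # Cache the first address; timeout and lifetime are both set so the
      # entry expires after cache_secs even under constant traffic.
      table set -subtable fqdn_cache $static::fqdn $ip $static::cache_secs $static::cache_secs
   }

   # No port given: the destination port is inherited from the client side,
   # as in the wiki example quoted above.
   node $ip
}
```

Keep the cache lifetime at or below the record's TTL, otherwise traffic keeps going to the old address after the dynamic IP changes.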