Forum Discussion

F5beginner_3849
Mar 01, 2019

One directional communication via virtual server

Hello All,

 

I'm new here and I'm a beginner with F5.

I'm trying to publish one HTTP server for testing.

What I did: I have created a server which is accessible via HTTP in the internal network, without F5. I have created virtual server list, where I put the destination IP (publicIP) with port 80, and created a pool with one InternalIP. I have tried to set up automap in the virtual server list, but it doesn't help me.

I have checked tcpdump on F5 site, where I can see that there is some communication from the Internet to the virtual server, but there is no answer from the virtual server to F5. (On the virtual server I can see it is sending responses.)

If you need more details, please let me know and I will share them with you.

Thank you for your help.

  • Does the website work when you bypass the F5 and go to the server directly?

    Could you go onto the CLI and run the following commands to list out the virtual server configuration

    tmsh list ltm virtual 

    tmsh list ltm pool 

  • Hi Michael,

    Traffic to the server goes directly in the internal network, and in the external network it goes from outside via F5 to the server. So only traffic from the external network will go via F5.

    ```
    ltm virtual ExternalIPs {
        clone-pools {
            PoolInternalIPs {
                context clientside
            }
        }
        creation-time 
        destination 1.1.1.1:http
        ip-protocol tcp
        last-modified-time 
        mask 255.255.255.255
        pool PoolInternalIPs
        profiles {
            tcp { }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        source-port change
        translate-address enabled
        translate-port enabled
        vs-index 9
    }
    [root@f5lb02:Active:In Sync] config tmsh list ltm pool PoolInternalIPs
    ltm pool PoolInternalIPs {
        members {
            10.1.1.1:http {
                address 10.1.1.1
                session monitor-enabled
                state up
            }
        }
        monitor tcp_half_open
    }
    ```

  • Can't see any issue with the F5 config, maybe post the output of the command

    tcpdump -i 0.0:p -s0 tcp port 80 and host 1.1.1.1
    while you make a request to the virtual server. Often these sorts of issues are firewalls in the network or server. Worth also checking whether you are receiving any packets at the server.

  • Hello,

     

    tcpdump and tshark were very helpful. I found out that the port was not opened from outside (stupid mistake).

    Thank you

  • Adding as an answer to stop this showing up as 'unanswered'.

    Can't see any issue with the F5 config, maybe post the output of the command

    tcpdump -i 0.0:p -s0 tcp port 80 and host 1.1.1.1
    while you make a request to the virtual server. Often these sorts of issues are firewalls in the network or server. Worth also checking whether you are receiving any packets at the server.
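The capture suggested in the answer can be read leg by leg to see where the handshake stops. The following is an added example, not code from the thread or from F5: it classifies text tcpdump output using the virtual server and pool member addresses from the posted config. The function name `locate_drop`, the client address 203.0.113.7 and the self IP 10.1.1.254 are assumptions, and the sample lines are constructed in plain tcpdump format.

```python
import re

# Addresses from the thread's config; tcpdump prints endpoints as ip.port.
VIP, MEMBER = "1.1.1.1.80", "10.1.1.1.80"
PKT = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\]")

FINDINGS = {
    "upstream": "no SYN reaches the virtual server; check the firewall/NAT in front of the F5",
    "f5": "SYN reaches the virtual server but no SYN goes to the pool member",
    "server_side": "SYN goes to the pool member but no SYN-ACK comes back to the F5",
    "ok": "client-side SYN and server-side SYN/SYN-ACK are all visible on the F5",
}

def locate_drop(capture, vip=VIP, member=MEMBER):
    """Classify a capture by the first leg of client -> F5 -> member that goes quiet."""
    seen = set()
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        syn, ack = "S" in flags, "." in flags   # [S] = SYN, [S.] = SYN-ACK
        if syn and not ack and dst == vip:
            seen.add("client_syn")
        elif syn and not ack and dst == member:
            seen.add("server_syn")
        elif syn and ack and src == member:
            seen.add("member_synack")
    if "client_syn" not in seen:
        return "upstream"
    if "server_syn" not in seen:
        return "f5"
    if "member_synack" not in seen:
        return "server_side"
    return "ok"

# Constructed sample: the client handshake completes, the F5 (automap, assumed
# self IP 10.1.1.254) retransmits its SYN, and the pool member never answers.
SAMPLE = """\
10:15:01.000100 IP 203.0.113.7.51000 > 1.1.1.1.80: Flags [S], seq 100, win 29200, length 0
10:15:01.000150 IP 1.1.1.1.80 > 203.0.113.7.51000: Flags [S.], seq 900, ack 101, win 4380, length 0
10:15:01.020300 IP 203.0.113.7.51000 > 1.1.1.1.80: Flags [.], ack 901, win 29200, length 0
10:15:01.020400 IP 10.1.1.254.40112 > 10.1.1.1.80: Flags [S], seq 500, win 4380, length 0
10:15:04.020400 IP 10.1.1.254.40112 > 10.1.1.1.80: Flags [S], seq 500, win 4380, length 0
"""

if __name__ == "__main__":
    verdict = locate_drop(SAMPLE)
    print(verdict, "-", FINDINGS[verdict])
```

A "server_side" result with the server itself showing outgoing replies points at something between the server and the F5 dropping or rerouting the return traffic.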