Port redirect

Question

I know it's been done before.  I've looked around and can't find an answer to what I'm trying to do:  VIP listening on port 80, and a pool with nodes listening on 8080. 
&nbsp;  
&nbsp; Here's my situation:  I'm using the LTMs to load balance McAfee Webwasher proxy servers used for our outbound internet browsing traffic.  My environment uses the "Automatically detect proxy settings" in IE, so we need a wpad.dat file hosted somewhere.  The Webwashers support hosting that file, but they only listen on tcp port 8080.   
&nbsp;  
&nbsp; The WPAD "Automatically detect proxy settings" process needs to resolve wpad to an IP address, then makes the request:  http://192.168.5.10/wpad.dat.  192.168.5.10 is the VIP for the wpad server, redirecting to the Webwasher pool.  The wpad.dat file is parsed (same as a proxy.pac file) and returns the proxy server settings:  (let's say in this example) 192.168.5.20:8080.  192.168.5.20 is the VIP for the proxy server, listening on 8080, using the Webwasher pool. 
&nbsp;  
&nbsp; The Webwashers only listen on port 8080 and I have over 700 sites with DHCP option 252 defining the WPAD host on port 80.  How can I have the VIP listen and accept requests on port 80, load balancing to the pool/nodes on port 8080, then send it back to the client from the VIP? 
&nbsp;  
&nbsp; Anyone else doing something like this?  I don't think it should be that hard but it's not working/returning the wpad.dat file  when I configure the VIP on 80, and the nodes on 8080.

hoolio · Answer

The VIP:80 pointing to pool member(s) on port 8080 should work fine as long as you have (destination) port and (destination) address translation enabled on the VIP.  If the proxy servers aren't pointing to LTM for their default gateway, then you'd want to enable SNAT on the VIP as well to translate the source address on the server side connections to the LTM floating self IP on the server VLAN.   
&nbsp;  
&nbsp; If that's not working, can you try capturing a tcpdump on all switch ports looking for the VIP and pool member IP addresses?  It would make things easier if you temporarily disable all but one pool member. 
&nbsp;  
&nbsp; tcpdump -ni 0.0 host VIP_IP or host POOL_IP_1 
&nbsp;  
&nbsp; Another option would be to host the wpad.dat/proxy.pac file with an iRule.  Bhattman added an example to the Codeshare which does this: 
&nbsp;  
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/Proxy_Pacfile_Hosting_without_need_for_Web_servers.html 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Port redirect

Recent Discussions

F5 LTM listening on 3306

SNI Sites not taking correct certificate.

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

irule to enable http/2 acceleration

VS FORWARDING & ROUTE

Related Content

Setup a Reverse Proxy that redirects to internal port

Rewrite HTTP Redirect Port

HTTP to HTTPS Redirect Rewrite plus port change

(HTTP) Redirection via Arbitrary Host Header

Anchor Link Redirect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS