Forum Discussion
Ray_Sbrusch_941
Nimbostratus
Oct 28, 2009
Preserving Client IP address for SMTP traffic
I know this topic has been discussed in the forums multiple times, but I never found implementation details which don't require iRules or putting the BigIP in bridging mode.
I would like to be able to load balance SMTP servers with LTM, and have the SMTP servers see the original IP address of the sender.
We have already changed the default gateway of the SMTP servers to the floating IP of the F5 units. I have SNAT Pool set to None, and Address Translation and Port Translation enabled.
When I connect with telnet to port 25 on the virtual server, the connection is quickly closed before I can even finish HELO.
Can someone share implementation details?
20 Replies
- hoolio
Cirrostratus
It sounds like you have the configuration set up correctly to not do source address translation on LTM. Does it work if a real client tries to connect to the SMTP servers via the VIP?
I'd guess the SMTP server is closing the connection before you have a chance to send any data. You can get around this issue by using netcat from the LTM command line:
echo "my smtp commands" | nc VIP_IP VIP_PORT
Also, clients on the same subnet as the SMTP servers would not work as the SMTP servers would respond back directly to the clients--not to LTM.
Aaron
- Ray_Sbrusch_941
Nimbostratus
Thanks for the tip Aaron. Netcat and wireshark helped identify the real problem.
My test server was actually connected to an old Cisco load balancer. Even though we changed the default route on the server, the Cisco sent the responses back to the firewall instead of the F5.
I also created a forwarding IP virtual server so we could access the real server.
- hoolio
Cirrostratus
Hi Ray,
Thanks for clarifying. Glad to see you got it working.
Aaron
- Jeff_Lin_103364
Nimbostratus
Is there any SOP to make my client IP revealed in my Windows terminal servers (TCP 3389, RDP)? I am trying to load balance them with F5 LTM.
- hoolio
Cirrostratus
Hi Jeff,
Where do you want to see the original client IP address that you're not? Is it on LTM that you want to use the client IP for persisting? Or is it on the RDP servers that you want to see the client IP address? If so, are you using SNAT or some other method to translate the source IP address on connections from LTM to the pool?
Aaron
- Jeff_Lin_103364
Nimbostratus
Hi Aaron:
I am trying to make it revealed on the RDP servers. I am using SNAT right now. I want to know if there are any other implementations that let me achieve RDP server balancing with client IPs visible on the RDP real servers!
- hoolio
Cirrostratus
Hi Jeff,
I don't think there is any mechanism within RDP to pass the original client IP address to the server. If the clients and servers are not on the same network and you can change the servers' default gateway to LTM's self IP on their network, you could remove the SNAT from the VIP and have LTM use the client's IP address to establish the serverside connection.
Aaron
- BPetronio_11363
Nimbostratus
Hello Aaron,
I'm facing some similar problems with this "simple" type of configuration.
I have a VServer with a public IP, Performance (HTTP) type, with a pool with 1 server (private IP). No SNAT configured, so I guess I should see the client IP address when someone "hits" the VServer.
The server has a way to see the client ip address and is always showing the F5 self ip of the internal vlan.
Physically, i have the following scenario:
[Router] --- [F5] ---- [FW] ---- [Server]
[Router] - [F5] -- Public IP
[F5] - [FW] - Private IP (routed zone)192.168.250.0/24
[FW] - [Server] - Private IP (DMZ) 10.100.149.0/24
If I have no SNAT configured in the VServer, why is the packet arriving on the server with the source IP of the Self IP Address of the F5 Internal Vlan?
What I was hoping was to see the real client IPs on my webservers for various purposes (statistics, control, security, etc.).
Best Regards,
Bruno Petrónio
- hoolio
Cirrostratus
Hi Bruno,
One of the ways the Perf HTTP profile improves performance is by performing source address translation and using OneConnect. If you need to preserve the original client IP address you could change to a standard HTTP profile and add a custom OneConnect profile with a 255.255.255.255 source mask. For details on the performance HTTP profile, try searching on AskF5.com. If you can't find relevant solutions, let me know.
Thanks, Aaron
- BPetronio_11363
Nimbostratus
Thanks Aaron,
I will try it tomorrow, and will post the result here.
Best Regards,
Bruno Petrónio
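
An added example, not part of the thread and not F5 code: a Python check for the two symptoms discussed above, a connection that closes before HELO completes and a pool member that sees a load balancer address instead of the client's. The function names, the loopback demo and the address 192.168.250.5 (standing in for a self IP in the 192.168.250.0/24 zone) are constructed for illustration.

```python
import socket
import threading

def observe_peer(listener, seen):
    """Pool-member side: accept one connection, record the source IP it arrives from."""
    conn, (peer_ip, _port) = listener.accept()
    with conn:
        seen.append(peer_ip)
        conn.sendall(b"220 test listener ready\r\n")
        conn.recv(1024)                      # wait for the probe's HELO
        conn.sendall(b"250 hello\r\n")

def probe(host, port, timeout=5.0):
    """Client side: connect, read the banner, send HELO; return (local_ip, replies)."""
    replies = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        local_ip = s.getsockname()[0]
        try:
            replies.append(s.recv(1024))     # b"" means the far end closed early
            if replies[-1]:
                s.sendall(b"HELO probe.example\r\n")
                replies.append(s.recv(1024))
        except ConnectionError:
            replies.append(b"")              # a reset counts as an early close
    return local_ip, replies

def classify(seen_ip, client_ip, lb_addresses):
    """Compare what the server saw with the real client and known load balancer IPs."""
    if seen_ip == client_ip:
        return "preserved"
    if seen_ip in lb_addresses:
        return "translated-by-lb"
    return "translated-elsewhere"

def run_local_demo():
    """Run listener and probe on loopback (constructed setup, no load balancer)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    seen = []
    t = threading.Thread(target=observe_peer, args=(listener, seen))
    t.start()
    local_ip, replies = probe("127.0.0.1", listener.getsockname()[1])
    t.join()
    listener.close()
    return local_ip, seen[0], replies

if __name__ == "__main__":
    client_ip, seen_ip, replies = run_local_demo()
    print(seen_ip, classify(seen_ip, client_ip, {"192.168.250.5"}), replies)
```

In a real test the listener half runs on a pool member and the probe targets the virtual server; a result of "translated-by-lb" points at SNAT or a profile that translates the source, as in the Performance (HTTP) case above.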