Forum Discussion
Preserving Client IP address for SMTP traffic
I would like to be able to load balance SMTP servers with LTM, and have the SMTP servers see the original IP address of the sender.
We have already changed the default gateway of the SMTP servers to the floating IP of the F5 units. I have SNAT Pool set to None, and Address Translation and Port Translation enabled.
When I connect with telnet to port 25 on the virtual server, the connection is quickly closed before I can even finish HELO.
Can someone share implementation details?
20 Replies
- BPetronio_11363
Nimbostratus
5 Stars.
Thanks.
- Uriah_Queen_110
Nimbostratus
I'm trying the same thing but with SSH instead of SMTP. I've pointed my servers to use the LTM floating IP as their GW and the Virtual Server SNAT Pool to None, AutoMap, and custom SNAT. In each attempt my client IP was logged as being one of the SNAT IPs. Could this be because I am configured one-legged (all on one VLAN)?
Is there a way of getting this to work within a single VLAN, or do I need to have my Virtual Server in one VLAN and my server Pool and SNAT in a different VLAN? I would be grateful for any light on what I might be missing.
Thanks,
-uriah
- Uriah_Queen_110
Nimbostratus
Ahhh, disabled SNAT on the Pool as opposed to disabling SNAT Pool...
- Albert_C_3084
Nimbostratus
Hi, I'm facing the same problem as what Ray Sbrusch described, and I couldn't find a solution. I need the SMTP server to see the actual client IP (at the same time traffic being load balanced) instead of the SNAT VIP so I can do accounting. It seems that after I disable the SNAT, the load balancer doesn't even send the traffic to the SMTP server, as I can't see any connection from the actual client in the SMTP monitoring page. I understand I can do an IP forwarding but that'll disable the load balancing.
- hoolio
Cirrostratus
Hi Albert,
You could change the server's default gateway to be the LTM self IP address. Or you could use nPath (direct server return) to avoid needing SNAT.
Aaron
- Fabrizio_Chiava
Nimbostratus
Hi,
I read the full conversation. I have a similar configuration at a customer, but unfortunately they have SMTP load balancing with SNAT enabled. The customer has other services configured this way as well, but for this particular SMTP VS they would like the SMTP real servers to see the original IP address, I think for logging purposes.
Is it possible to add something similar to "X-Forwarded-For" into the Virtual Server configuration, but only for SMTP?
Thanks.
Regards
Fabrizio.
- Hamish
Cirrocumulus
There's nothing in SMTP to allow that. But what you could do is set the client IP in one of the TCP option headers (see the DevCentral iRule page on TCP::options).
It's up to the software (i.e. the SMTP server) to pull that info though and use it.
H
- RAQS
Cirrus
Hi Ray,
I have similar requirement, can you please help me with the solution.
Requirement: We have SMTP servers which are load balanced via F5 LTM, and we want to see the client IP address instead of the SNAT address.
Regards,
Raqs
- RAQS
Cirrus
Hi Team,
Hope you all are doing good.
Please update on above request.
A new question is probably a better way to go, this one has different questions together.
You might be able to stop using Source Address translation and get the real IP. But that depends on your network setup. Can you come up with a network diagram?
Beyond that there are no real options. Someone suggests the TCP options, but that is a long shot. What is your SMTP server brand / vendor?
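As an added example (not code from any poster in this thread, and not F5's), this is what the receiving side of the TCP option approach mentioned above has to do: walk the options of the incoming SYN, pull out the client address, and trust it only when the segment came from the load balancer. Assumptions: the option kind 253 (an RFC 4727 experimental value), the balancer address 10.0.0.5, and a component that can see the raw SYN, for instance through packet capture; the sample segment is constructed.

```python
import ipaddress
import struct

CLIENT_IP_OPTION_KIND = 253        # assumption: RFC 4727 experimental kind, not an F5 default
TRUSTED_BALANCERS = {"10.0.0.5"}   # assumption: constructed LTM self IP

def tcp_options(segment: bytes):
    """Yield (kind, payload) for each option in a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4          # data offset, in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    opts, i = segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                            # End of Option List
            return
        if kind == 1:                            # No-Operation padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        length = opts[i + 1]
        yield kind, opts[i + 2:i + length]
        i += length

def original_client_ip(peer_ip: str, syn_segment: bytes):
    """Return the client IP carried in the option, or None if absent or untrusted."""
    if peer_ip not in TRUSTED_BALANCERS:
        return None      # any sender can put an option in a SYN; only the balancer is believed
    for kind, payload in tcp_options(syn_segment):
        if kind == CLIENT_IP_OPTION_KIND and len(payload) == 4:
            return str(ipaddress.IPv4Address(payload))
    return None

def build_syn(options: bytes) -> bytes:
    """Constructed sample: a SYN to port 25 carrying the given option bytes."""
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 25, 1, 0,
                       offset << 4, 0x02, 65535, 0, 0) + options

# Constructed SYN: MSS option, a NOP, then the client-IP option for 203.0.113.7.
SAMPLE_SYN = build_syn(b"\x02\x04\x05\xb4\x01" + bytes([CLIENT_IP_OPTION_KIND, 6])
                       + ipaddress.IPv4Address("203.0.113.7").packed)
```

If the address from the option is used for accounting or access decisions, the peer check matters: without it, a directly connected sender could claim any client IP.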