For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

cort_17498's avatar
cort_17498
Icon for Nimbostratus rankNimbostratus
Jan 20, 2009

Redirect based on Port

I'm pretty new to the F5 world.... be gentle.     For the life of me I cannot get this rule to work:   when CLIENT_ACCEPTED {   set port [TCP::local_port]   if { $port eq...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 20, 2009
Are you testing this iRule on a port 0 (any) VIP? Do you have port translation enabled on the VIP? If you remove the iRule and add the PORT-22 pool to the VIP, can you make a request on port 22 to the VIP? If not, check the routing between LTM and the pool members. If the default gateway of the servers isn't the LTM, you'll need to enable SNAT.

Once you have the port 22 pool working on the VIP, you can retest the iRule with a minor change and some debug logging: 

 
 when CLIENT_ACCEPTED { 
  
    log local0. "[IP::client_addr]:[TCP::client_port]: New connection to [IP::local_addr]:[TCP::local_port]" 
  
     Check the destination port 
    switch [TCP::local_port] { 
       "22" { 
           Request was to port 22 
          pool "PORT-22" 
          log local0. "[IP::client_addr]:[TCP::client_port]: Using PORT-22 pool" 
       } 
       "22" { 
           Request was to port 22 
          pool "PORT-22" 
          log local0. "[IP::client_addr]:[TCP::client_port]: Using PORT-23 pool" 
       } 
       default { 
          reject 
          log local0. "[IP::client_addr]:[TCP::client_port]: Request to undefined port.  Resetting connection." 
       } 
    } 
 }

Aaron