Forum Discussion
Kirit_Patel_521
Nimbostratus
Dec 10, 2009
Restrict Outbound access from a server
Folks
We have a requirement where we want certain servers to go OUTBOUND to certain IPs and ports. How do you accomplish this in LTM?
Currently we are using SNAT and these servers are going OUTBOUND through a certain VIP and outbound is wide open.
5 Replies
- hoolio
Cirrostratus
Hi Kirit,
If you have a very limited number of destination hosts and/or ports you want to allow access to, you could configure a single forwarding virtual server per destination host. You could then use source VLAN restrictions, an iRule or packet filters to restrict which clients can access the VIP.
A more flexible option would be to configure a network forwarding VIP (destination 0.0.0.0:0) and then use an iRule to restrict which source hosts/networks can access which destination hosts/networks. Here are two examples of such an iRule:
Access Control Based on IP
http://devcentral.f5.com/wiki/default.aspx/iRules/AccessControlBasedOnIP.html
Access Control Based on Network or Host
http://devcentral.f5.com/wiki/default.aspx/iRules/AccessControlBasedOnNetworkOrHost.html
Aaron
- Kirit_Patel_521
Nimbostratus
Can you tell me how to create a single IP forwarding virtual server?
- Kirit_Patel_521
Nimbostratus
Can you tell me how to create a single IP forwarding virtual server?
- Kirit_Patel_521
Nimbostratus
Can you tell me how to create a single IP forwarding virtual server?
- hoolio
Cirrostratus
Sure:
Name: ip_fwd_10.0.0.1_vs
Destination: 10.0.0.1
Port: 80 or 0 (any) for example
Type: Forwarding (IP)
Protocol: TCP or Any
Protocol Profile (Client): fastL4
VLAN Traffic: set for the VLAN you want to allow traffic to this VIP from (i.e., set to internal to allow internal VLAN clients access to this VIP)
SNAT Pool: enable automap or a SNAT pool
Aaron
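Added example, not part of the original thread and not either poster's code: a sketch of the kind of iRule the first reply describes for a network forwarding VIP (destination 0.0.0.0:0), allowing only listed source/destination/port combinations and rejecting everything else. It assumes a TCP virtual server; the `egress_policy` variable name and every address and port in it are constructed samples.

```tcl
# Egress allow-list for a network forwarding virtual server (0.0.0.0:0).
# Assumption: the virtual server's protocol is TCP, so TCP::local_port is valid.
when CLIENT_ACCEPTED {
    # Constructed sample policy, one entry per line:
    #   {source network} {destination network} {destination port, 0 = any}
    set egress_policy {
        {10.1.1.10/32  192.0.2.25/32    25}
        {10.1.1.0/24   198.51.100.0/24  443}
        {10.1.2.20/32  203.0.113.7/32   0}
    }

    # On a forwarding VIP the local address/port are the real destination
    # the server is trying to reach.
    set src  [IP::client_addr]
    set dst  [IP::local_addr]
    set port [TCP::local_port]

    # Default deny: the connection is only forwarded if an entry matches.
    set allowed 0
    foreach entry $egress_policy {
        set src_net  [lindex $entry 0]
        set dst_net  [lindex $entry 1]
        set dst_port [lindex $entry 2]

        if { [IP::addr $src equals $src_net] &&
             [IP::addr $dst equals $dst_net] &&
             ($dst_port == 0 || $port == $dst_port) } {
            set allowed 1
            break
        }
    }

    if { !$allowed } {
        # Log the denied flow so blocked egress attempts can be reviewed.
        log local0.info "egress denied: $src -> $dst:$port"
        # reject sends a TCP reset; use drop instead to discard silently.
        reject
    }
}
```

For a long allow-list, the source and destination entries would normally live in data groups rather than inline in the rule, as in the two wiki examples linked in the first reply.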
