AnkushP_222309
Dec 30, 2015

Return traffic via F5 when SNAT is None

We have configured a UDP virtual server with SNAT set to None because, per our requirement, the client IP should be visible to the server. But when responding, the server replies directly to the client via the default gateway and not via the F5, which causes the client to reject the response.

 

Please find the virtual server configuration below.

 

    ltm virtual VS_UDP {
        destination 172.27.189.11:57625
        ip-protocol udp
        mask 255.255.255.255
        pool Pool_UDP
        profiles {
            udp { }
        }
        source 0.0.0.0/0
        source-port preserve-strict
        vs-index 2
    }

 

3 Replies

  • Hi Mate,

     

    If your source address and the application server addresses are in the same subnet (or the default gateway of your server has different routes for the source address), you should enable the SNAT feature.

     

    You can enable the X-forwarder feature so that the application server can see the client address even if SNAT is enabled.

     

    Hope this helps.

     

    -Jinshu

     

  • Hi AnkushP,

     

    Have you tried enabling SNAT in the virtual server and applying an iRule that inserts the True-Client-IP?

     

    I did it for an HTTP virtual server and it works fine.

     

    Regards,

     

  • If your pool members on the backend are Linux, I have a solution which creates a "conditional bigip gateway" fully exposing the client IP address, which is helpful when you're doing some sort of traffic for which you cannot inject headers via an iRule. You can see that here:

     

    https://devcentral.f5.com/codeshare/kill-snat-automap

     

    The doc spells out the requirements... and no, it does not require the bigip to be the default gateway of the given pool member.
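
One way to build the kind of conditional return path the last reply describes, as an added example that is not the linked codeshare's code and not written by any poster: flows that arrive from the BIG-IP are connection-marked, and replies on those flows are routed back through it, so SNAT can stay None and the server still sees the client IP. It assumes the BIG-IP self IP is layer-2 adjacent to the pool member and that iptables with conntrack is available; the self IP, MAC, mark and table number are placeholders.

```shell
#!/bin/sh
# Added example: print the policy-routing commands that make a Linux pool
# member return BIG-IP-delivered flows through the BIG-IP while SNAT is None.
# Self IP, MAC, mark and table values are constructed placeholders (assumptions).

# Accept only dotted-quad IPv4 with each octet in 0..255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Accept only colon-separated 48-bit MAC addresses.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# $1 = BIG-IP self IP on the server VLAN, $2 = its MAC, $3 = fwmark, $4 = table
# Emits, in order:
#   1. mark every connection whose first packet came from the BIG-IP's MAC
#   2. copy that connection mark onto locally generated reply packets
#   3. send marked packets to a dedicated routing table
#   4. give that table a default route via the BIG-IP (main table is untouched)
return_path_rules() {
    valid_ipv4 "$1" || { echo "bad self IP: $1" >&2; return 1; }
    valid_mac "$2"  || { echo "bad MAC: $2" >&2; return 1; }
    case "$3$4" in ''|*[!0-9]*) echo "mark/table must be numeric" >&2; return 1 ;; esac
    cat <<EOF
iptables -t mangle -A PREROUTING -m mac --mac-source $2 -j CONNMARK --set-mark $3
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
ip rule add fwmark $3 lookup $4
ip route add default via $1 table $4
EOF
}

# Dry run only: prints the commands for review, changes nothing on the host.
if [ "${1:-}" = "--print" ]; then
    return_path_rules "$2" "$3" "${4:-100}" "${5:-100}"
fi
```

Traffic that did not arrive from the BIG-IP keeps using the server's normal default gateway, since only marked connections consult the extra table.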