For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

veyond_113181's avatar
veyond_113181
Icon for Nimbostratus rankNimbostratus
Mar 28, 2007

route traffic out to internet

I have looked around in the forum a bit but cant seem to find an answer as to how to route my traffic out to the internet.

 

 

Case is as follows

 

1. incoming connections come over the internet to external IP address (say 66.155.5.54).

 

2. This gets translated by the firewall into the Big IP internal address of say 10.125.1.54

 

3. The Big IP then sends it to the actual box address of say 10.135.1.54

 

 

I have tried to get it working using npath routing but doesnt seem to work (or i am doing it wrong)

 

 

What is the set up needed so the box at 10.135.1.54 can see the outside world?

 

Thanks

 

Tate
application delivery
dev
devops
iRules

3 Replies

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Mar 28, 2007
    Were you a version 4.x user? I ask only because in version 4.x, there was a checkbox to enable routing, whereas in version 9.x, there isn't, and as such, the F5 became a default deny platform at layer3. In order to enable the routing outbound, particularly if the F5 is inline to your outbound traffic, you'll need to create a network virtual server to do this. I would make sure you only enable this on your internal vlan:

    
virtual default-forwarder {
   destination any:any
   ip forward
   profile fastL4
   vlans DMZb enable
}

  • veyond_113181's avatar
    veyond_113181
    Icon for Nimbostratus rankNimbostratus
    Mar 28, 2007
    Thank you for the reply, I was not a version 4 user.

     

    I see that you talk about creating a network virtual server but it looks like you include code to do it from command line or in an irule

     

     

    When i use the gui to create a network virtual server it asks for an address and mask

     

    I only get the the fastL4 option if i choose Forwarding layer two for the type

     

     

    My take would be that i create a network server with the following:

     

    Type: network

     

    Address10.135.1.0

     

    mask: 255.255.255.0

     

    Type: Forwarding (layer 2)

     

    Protocol: TCP

     

    Protocol Profile:fastL4

     

    Vlan Traffic: Enabled on internal

     

    SNAT Pool: Auto Map

     

     

    The problem is i get the blue box and dont know if I am to choose a clone pool or last hop pool.

     

     

    I am new to this so i am sorry if I am missing something simple. I am using 9.1.2
  • veyond_113181's avatar
    veyond_113181
    Icon for Nimbostratus rankNimbostratus
    Mar 28, 2007
    I am sorry for the post, it seems that i did have everything working properly but as I was trying to figure this out I was also checking with my firewall guy. Apparently he was not allowing outbound traffic from those hosts and since he has changed that it has fixed the problem.

     

     

    Thank you for the good information though, I am sure it will come in usefull in the future.