Forum Discussion

LillyM_9417's avatar
Icon for Altostratus rankAltostratus
Jul 04, 2011

self ip cannot be used for virt traffic




I installed a virt f5. I created a virt server, pool and irule. I could not manage to connect to real serevr because F5 is using client's ip address for forwarding packet to dest real server.



1) Client pc ( is connecting port 9000 and ip (virt server definition on F5)



2) f5 send syn to server and 3 way handshake is done between F5 and server.



3) I use this irule, because I want only self ip of the F5 is used.





timing on



when RULE_INIT {


set static::xdebugdfbc 0







TCP::collect 8


if { [IP::addr [IP::client_addr] equals ] } {


snat automap









4) F5 trying to connect to the real server with client ip address (which is impossible because no back route is defined through the client directly, it should be via F5)



5) Virt server definition has the following:



**Address Translation: Enabled


**Port Translation: Enabled


**Source Port: Preserve


**Snat Pool: AutoMap






What can be the reason of this? I am looking forward your response ASAP.



thanks in advance

3 Replies

  • Hi Lilly,



    Can you take out the TCP::collect line and retest? It isn't necessary to collect the TCP payload to apply SNAT.



  • Hamish's avatar
    Icon for Cirrocumulus rankCirrocumulus
    I don;t follow why you're using an iRule (To snat AND have a SNAT pool set on the virtual server.. Did you want to snat just the sources? Or all traffic through the VS?



  • Nice catch Hamish. I just read the first part and missed that she has automap already. Lilly, f you only want to apply snat for specific clients you should take off automap from the VS and use the iRule (without using TCP::collect).