Forum Discussion
LillyM_9417 (Altostratus)
Jul 04, 2011
self ip cannot be used for virt traffic
Hello,
I installed a virt f5. I created a virt server, pool and irule. I could not manage to connect to the real server because F5 is using the client's ip address for forwarding packets to the dest real server.
1) Client pc (10.1.1.1) is connecting port 9000 and ip 12.12.12.12 (virt server definition on F5)
2) f5 sends syn to server and 3 way handshake is done between F5 and server.
3) I use this irule, because I want only the self ip of the F5 to be used.
=============
timing on
when RULE_INIT {
    set static::xdebugdfbc 0
}
when CLIENT_ACCEPTED {
    TCP::collect 8
    if { [IP::addr [IP::client_addr] equals 10.0.0.0/8 ] } {
        snat automap
    }
}
=============
4) F5 trying to connect to the real server with client ip address (which is impossible because no back route is defined through the client directly, it should be via F5)
5) Virt server definition has the following:
**Address Translation: Enabled
**Port Translation: Enabled
**Source Port: Preserve
**Snat Pool: AutoMap
=================================================
What can be the reason for this? I am looking forward to your response ASAP.
thanks in advance
- hooleylist (Cirrostratus): Hi Lilly,
- Hamish (Cirrocumulus): I don't follow why you're using an iRule (to SNAT 10.0.0.0/8) AND have a SNAT pool set on the virtual server. Did you want to SNAT just the 10.0.0.0/8 sources? Or all traffic through the VS?
- hooleylist (Cirrostratus): Nice catch Hamish. I just read the first part and missed that she has automap already. Lilly, if you only want to apply SNAT for specific clients you should take off automap from the VS and use the iRule (without using TCP::collect).
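
Added example, not part of any post in this thread: an iRule that applies SNAT only to 10.0.0.0/8 clients, as suggested in the last reply, and logs the source address BIG-IP actually uses towards the pool member so the translation can be checked. It assumes the SNAT pool setting has been removed from the virtual server; the log message format is illustrative.

```tcl
when CLIENT_ACCEPTED {
    # SNAT only clients in 10.0.0.0/8; all other clients keep their own
    # source address (assumes no SNAT pool is set on the virtual server).
    if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
        snat automap
    }
}

when SERVER_CONNECTED {
    # In the server-side context IP::local_addr is the address BIG-IP used
    # as the source towards the pool member. With SNAT applied this is a
    # self IP; without it, it is the client's address.
    log local0. "client [IP::client_addr] -> server [IP::server_addr]:[TCP::server_port] sourced from [IP::local_addr]"
}
```

The log lines appear in /var/log/ltm; remove the SERVER_CONNECTED handler once the source address has been confirmed, since it logs every connection.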