Forum Discussion
Arron_1084
Nimbostratus
Apr 17, 2008
show source IP behind LTM
I have several servers sitting behind clustered LTMs with half of them behind a firewall in bridge mode. On that firewall, I want to enable ACLs to allow ports / IPs access to systems behind it, but the problem I'm running into is that the source IP is always showing as the inside floater IP of the LTM (IP forwarding virtual server setup). I saw there was a QB article to fix this for HTTP requests, but I need it for other ports. All of my inside systems have the LTM's floater IP as their default gateway.
Is there any way to see the true source IP?
- The_Bhattman
Nimbostratus
I don't see any other way around this, unless you could create individual SNAT/NAT addresses and associate with each server so that it doesn't use the inside float address.
- hoolio
Cirrostratus
You can insert a custom HTTP header with the original client IP address because the HTTP protocol supports custom headers. Whether you can do this on other ports depends on the protocol. I imagine you could do this in SMTP, SIP and a few other protocols. cmbhatt's suggestion should be a good workaround if the protocol you need the client IP for doesn't support custom headers.
- dennypayne
Employee
If all the inside servers have LTM as the default gateway you shouldn't need SNAT/NAT at all. LTM preserves source IP by default.
- Arron_1084
Nimbostratus
All of the inside servers have the floating inside IP as the default gateway, but the source IP always shows as this same IP (inside floating IP).
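
Added example, not part of the thread or any poster's code: when the client IP is carried in an inserted HTTP header as hoolio's reply describes, the receiving server should believe that header only on connections whose TCP peer is the LTM, since a direct client can send the same header itself. The header name `X-Forwarded-For`, the address `10.0.0.5` for the inside floating IP, and the function name are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: the only peer allowed to vouch for a client address is the
# LTM's inside floating IP. 10.0.0.5 is a constructed sample value.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

# Assumption: name of the header the load balancer is configured to insert.
CLIENT_IP_HEADER = "x-forwarded-for"


def effective_client_ip(peer_ip, headers):
    """Return the address to log or match ACLs against for one request.

    peer_ip -- source address of the TCP connection as seen by the server
    headers -- dict of request headers (duplicates already comma-joined)
    """
    peer = ipaddress.ip_address(peer_ip)

    # Connection did not come through the load balancer: whatever the
    # header says was written by the client, so ignore it.
    if peer not in TRUSTED_PROXIES:
        return str(peer)

    # Header names are case-insensitive.
    value = next(
        (v for k, v in headers.items() if k.lower() == CLIENT_IP_HEADER),
        None,
    )
    if not value:
        return str(peer)

    # Assumption: the load balancer's entry is the last one; anything
    # before it may have been supplied by the client.
    candidate = value.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        # Malformed value: fall back to what the socket actually shows.
        return str(peer)
```
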