For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

cpt_ri_F5's avatar
cpt_ri_F5
Icon for Cirrostratus rankCirrostratus
Mar 12, 2024

SMTP - SNAT - IP source

Hello, I have an L4 SMTP Virtual Server and Proofpoint backend servers configured with SNAT.  The server team wants to retrieve the source IP address of the client (like X-Forwarded in HTTP) , whi...
application delivery
mihaic's avatar
mihaic
Icon for MVP rankMVP
Mar 13, 2024

 X-Forwarded-for is used for HTTP Virtual Servers that have SNAT.

If you have an L4 Virtual Server it would be better to not use SNAT if you want to see the client IP.

There is no easy way to get the client's IP. As far as I know, you might try to have the client IP sent in a TCP header but then your server needs to be able to get it from that header.

Proxy Protocol Initiator | DevCentral

 

Or you might try to insert it in the payload, but again your servers need a way to get it.

Then you could try to use  npath routing

https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/configuring-layer-3-npath-routing.html

 

But probably the best thing to do is to not use SNAT in this case.

For http is easier because most applications understand the x-forward-for header.