For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

reen_sc_140631's avatar
reen_sc_140631
Icon for Nimbostratus rankNimbostratus
Mar 05, 2014

SMTP, SNAT via irule

Hello Community, I need your help for the following issue. The issue concering about SMTP and SNAT (the F5 should be the default GW in the mail server network, because of to see native client IP ad...
application delivery
devops
iRules
LTM
reen_sc_140631's avatar
reen_sc_140631
Icon for Nimbostratus rankNimbostratus
Mar 05, 2014

Hello, thanks for your answer but it seems not suitably for my issue (or I don't understand your answer)

 

I'll give you more information about that.

 

The mail relay server for the internal mail clients is 10.1.1.1 (smtp.office.local). The F5 performs a loadbalancing to 172.10.10.10 or 172.10.10.20 (pool members).

 

The next step is, one of those mail servers creates a "new" outgoing smtp connection to any public mail server. The mail servers default GW is 172.10.10.1 (F5 floating IP). In this case the F5 have to perform an Source NAT to deliver the mails.

 

That mean to following for outgoing traffic of 172.10.10.0/24:

 

  1. to deliver an e-mail or other non local traffic => source NAT
  2. receive any other traffic to the internal networks => no soure NAT

additionally... In my case the F5 replaces an firewall or router between the external network and the internal networks so I need to perform an normal IP Forwarding between those networks. I've read F5 can't forward IP packets by default (full proxy) and the recommended option is point 3

 

3 . wildcard vServers with type Forwarding (IP) for both sides ???

 

How can I realize that??? Other Suggestions are welcome

 

Thanks a lot