Forum Discussion
NimbostratusSMTP
Hi
I found a irule on the dev-central to insert the client IP address as it passes throw the F5 and not the SNAT IP address
when SERVER_CONNECTED {
scan [IP::client_addr] {%d.%d.%d.%d} a b c d
TCP::option set 29 [binary format cccc $a $b $c $d] all
}
but from my postfix server i can still see the traffic coming from the floating IP address is there anyway to do this..
2013-05-22T11:48:21.515573+02:00 linux postfix/smtpd[8177]: disconnect from unknown[192.168.20.53]
2013-05-22T11:50:50.280023+02:00 linux postfix/qmgr[8138]: CC9CBAFC27: from=, size=178, nrcpt=1 (queue active)
2013-05-22T11:51:10.355274+02:00 linux postfix/smtp[8215]: CC9CBAFC27: to=, relay=none, delay=622, delays=602/0.01/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=eoh.co.za type=MX: Host not found, try again)
5 Replies
What_Lies_Bene1Cirrostratus
Angelo, that rule adds the original IP to a TCP option header. The SNAT address is still used to initiate the connection and will be seen in the logs. You'll need to somehow extract the original client IP from the TCP header and log that instead. I've no idea how.
I assume you actually need the SNAT to occur right but you want to log the original client IP?
AngeloYES is this possible...- What_Lies_Bene1It should be but I've no idea how it's done I'm afraid.
Is parsing the http://en.wikipedia.org/wiki/X-Originating-IP contents possible as an alternative? - AngeloLMAO thanks buddy
- What_Lies_Bene1Anytime
