SNAT - originating client IP

Question

In a  SNAT Pool setup, if you want to find out the client IP connecting to a  VIP, is the only way to run tcpdump?&nbsp;
If yes, then the tcpsump should be run against all snat pool IPs?&nbsp;
 &nbsp;
Thanks&nbsp;

hoolio · Answer

Hi Samurai, 
&nbsp;  
&nbsp; If you're using the SNAT pool on a virtual server, you could use an iRule to log the source IP address TMM uses: 
&nbsp;  
&nbsp; when SERVER_CONNECTED {  
&nbsp; log local0. "Complete connection: Client: [IP::client_addr]:[TCP::client_port]&lt;-&gt; Virtual: [clientside {[IP::local_addr]:[TCP::local_port]}] LTM source [IP::local_addr]:[TCP::local_port] &lt;-&gt; Server: [IP::server_addr]:[TCP::server_port]"  
&nbsp; }  
&nbsp;  
&nbsp; If you have a lot of connections going through the virtual server, it would be a lot more efficient to use High Speed Logging to send the logs to a remote log server: 
&nbsp; https://devcentral.f5.com/wiki/iRules.hsl.ashx 
&nbsp;  
&nbsp; Aaron

samurai · Answer

Aaron, Thank you!&nbsp;

Forum Discussion

SNAT - originating client IP

2 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Load balancing NTP Servers

APM Access Policy|SSLVPN | SAML auth questionnaires

Unable to install firmware OS and drop at 10%

Two Arm Deployment mode using PBR

libxml2 and CVE-2024-25062

Related Content

F5 Distributed Cloud Origin Server Subset Rules

F5 Distributed Cloud - Mitigation for Cross Tenant Origin Exposure (CTOE)

SNAT IP address logging

Understanding SNAT

Selective SNAT

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS