SNAT - originating client IP

Question

In a  SNAT Pool setup, if you want to find out the client IP connecting to a  VIP, is the only way to run tcpdump?&nbsp;
If yes, then the tcpsump should be run against all snat pool IPs?&nbsp;
 &nbsp;
Thanks&nbsp;

hoolio · Answer

Hi Samurai, 
&nbsp;  
&nbsp; If you're using the SNAT pool on a virtual server, you could use an iRule to log the source IP address TMM uses: 
&nbsp;  
&nbsp; when SERVER_CONNECTED {  
&nbsp; log local0. "Complete connection: Client: [IP::client_addr]:[TCP::client_port]&lt;-&gt; Virtual: [clientside {[IP::local_addr]:[TCP::local_port]}] LTM source [IP::local_addr]:[TCP::local_port] &lt;-&gt; Server: [IP::server_addr]:[TCP::server_port]"  
&nbsp; }  
&nbsp;  
&nbsp; If you have a lot of connections going through the virtual server, it would be a lot more efficient to use High Speed Logging to send the logs to a remote log server: 
&nbsp; https://devcentral.f5.com/wiki/iRules.hsl.ashx 
&nbsp;  
&nbsp; Aaron

samurai · Answer

Aaron, Thank you!&nbsp;

Forum Discussion

SNAT - originating client IP

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Single LTM with multiple GTM domains

License activation

Syslog server not visible in GUI

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

Related Content

F5 Distributed Cloud Origin Server Subset Rules

F5 Distributed Cloud - Mitigation for Cross Tenant Origin Exposure (CTOE)

SNAT pool persistence

XC - geo LB to the origin servers

SNAT IP address logging

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS