SNAT - originating client IP

Question

In a  SNAT Pool setup, if you want to find out the client IP connecting to a  VIP, is the only way to run tcpdump?&nbsp;
If yes, then the tcpsump should be run against all snat pool IPs?&nbsp;
 &nbsp;
Thanks&nbsp;

hooleylist · Answer

Hi Samurai, 
&nbsp;  
&nbsp; If you're using the SNAT pool on a virtual server, you could use an iRule to log the source IP address TMM uses: 
&nbsp;  
&nbsp; when SERVER_CONNECTED {  
&nbsp; log local0. "Complete connection: Client: [IP::client_addr]:[TCP::client_port]&lt;-&gt; Virtual: [clientside {[IP::local_addr]:[TCP::local_port]}] LTM source [IP::local_addr]:[TCP::local_port] &lt;-&gt; Server: [IP::server_addr]:[TCP::server_port]"  
&nbsp; }  
&nbsp;  
&nbsp; If you have a lot of connections going through the virtual server, it would be a lot more efficient to use High Speed Logging to send the logs to a remote log server: 
&nbsp; https://devcentral.f5.com/wiki/iRules.hsl.ashx 
&nbsp;  
&nbsp; Aaron

samurai · Answer

Aaron, Thank you!&nbsp;

Forum Discussion

SNAT - originating client IP

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Enhance your Application Security using Client-side signals

F5 SMTP Fast Template - SNAT Not working as expected

Kill SNAT AutoMap!

Enhance your Application Security using Client-side signals – Part 2

WILS: Client IP or Not Client IP, SNAT is the Question

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS