Forum Discussion

Nimbostratus

Sep 08, 2012

SNAT - originating client IP

In a SNAT Pool setup, if you want to find out the client IP connecting to a VIP, is the only way to run tcpdump? If yes, then the tcpsump should be run against all snat pool IPs? T...

management

monitoring

hoolio

Cirrostratus

Sep 08, 2012

Hi Samurai,

If you're using the SNAT pool on a virtual server, you could use an iRule to log the source IP address TMM uses:

when SERVER_CONNECTED {

log local0. "Complete connection: Client: [IP::client_addr]:[TCP::client_port]<-> Virtual: [clientside {[IP::local_addr]:[TCP::local_port]}] LTM source [IP::local_addr]:[TCP::local_port] <-> Server: [IP::server_addr]:[TCP::server_port]"

}

If you have a lot of connections going through the virtual server, it would be a lot more efficient to use High Speed Logging to send the logs to a remote log server:

https://devcentral.f5.com/wiki/iRules.hsl.ashx

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SNAT - originating client IP

Recent Discussions

F5 Access 3.1.0 for Android problem

iRule to Change Default Pool (not redirect to another pool)?

What is the best practice for migrating from iseries to rseries?

iRule to Force Source IP to Specific Backend Node

checking the fan status on the device.

Related Content

Change original source IP to random in ASM logs

Four score and seven years ago... a laptop origin story 📖‌

Kill SNAT AutoMap!

Create an HTTPS Origin based on public FQDN for VoltMesh

Enhance your Application Security using Client-side signals – Part 2

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS