For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JohnQuintas_910's avatar
JohnQuintas_910
Icon for Nimbostratus rankNimbostratus
Oct 16, 2015

SNAT outbound connections from pool members to virtual server IP for a specific outbound port

I have a virtual server for inbound ftp connections Virtual server: 1.1.1.1:21, using the standard FTP profile and source_addr persistence, 30 min timeout Pool Members: 10.0.0.10:21 10.0.0.11:...
application delivery
LTM
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Oct 20, 2015

Hi,

First, when creating a forwarding VS, create a specific VS for FTP:

VS_OUT_FTP

  • Type Standard
  • Destination 0.0.0.0/0
  • profile ftp
  • translate disable (default when creating a VS with a network destination)
  • Pool none

This will allow FTP dynamic port to be handled as FTP Data connection.

After that, you can create the irule with switch instead of if, elseif, elseif, ..

when CLIENT_ACCEPTED {
    switch [IP::client_addr] {
        "10.0.0.10" -
        "10.0.0.11" { snat 172.18.1.1 }
        "10.0.0.12" -
        "10.0.0.13" { snat 172.18.1.2 }
        "10.0.0.14" -
        "10.0.0.15" { snat 172.18.1.3 }
    }
}