Forum Discussion
Jan_Rockstedt_4
Nimbostratus
Dec 21, 2012
SNAT problem
Hi,
I have created a standard virtual server for port 80 and am only using it on the inside of the F5 LTM "LAN" as a load balancer.
The VS is working fine, but only if I use SNAT pool automap and I want to disable the SNAT as we want to see the source addresses from the clients.
If I disable the SNAT pool the VS server is not working.
Any suggestion to get this working?
Regards Jan
7 Replies
- Hamish
Cirrocumulus
To use a VS without SNAT, you need to have the route back to the client passing via the BigIP.
This means you either need to use the BigIP as the default gateway (For a locally attached VLAN) or implement policy routing to ensure the connection passes back correctly.
H
- What_Lies_Bene1
Cirrostratus
Are the clients and the VS on different IP subnets? If so, Hamish's suggestion or using static routes on the server(s) is valid. If not, SNAT is unavoidable unless you want to configure VLAN Groups and the like, which probably isn't worth the effort just to avoid SNAT.
You could also use the XFF feature to add the original client address to an inserted HTTP header if that helps any?
- Hamish
Cirrocumulus
Or use the option 28 tcp insertion method to place the original client IP into the tcp packets. (iRule required)
H
- What_Lies_Bene1
Cirrostratus
Interesting, that's new to me, do you have a link to an example please? Thanks
- Hamish
Cirrocumulus
In the example for the TCP::option command
https://devcentral.f5.com/wiki/iRules.TCP__option.ashx
H
- What_Lies_Bene1
Cirrostratus
Thanks Hamish.
- Jan_Rockstedt_4
Nimbostratus
Hi,
Yes, the client and the VS are on different subnets.
Forgot to tell, that we use all VLANS and tunnels for the VLAN and Tunnel Traffic and version 11.1.0.
Thx, I will check the other suggestions.
Jan
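
Added example, not part of the thread and not F5 code: if SNAT stays enabled and the X-Forwarded-For header suggested above carries the client address, the web server should honour that header only when the TCP peer is the load balancer, because any client can send its own X-Forwarded-For. The SNAT range, the function name and the assumption that the load balancer's entry is the right-most one are constructed for illustration.

```python
import ipaddress

# Assumption: source addresses the load balancer uses when it SNATs
# (constructed range; replace with the real self IPs / SNAT pool).
TRUSTED_PROXIES = [ipaddress.ip_network("10.10.20.0/28")]


def _is_trusted(addr):
    """True if addr belongs to a proxy we operate ourselves."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_ip, xff_header):
    """Return the address to log as the client for one HTTP request.

    peer_ip    -- source address of the TCP connection as the server sees it
    xff_header -- raw X-Forwarded-For value ("" if the header is absent)
    """
    peer = ipaddress.ip_address(peer_ip)

    # A peer that is not our load balancer reached the server directly:
    # whatever X-Forwarded-For it sent is attacker-controlled, so ignore it.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)

    # Walk the list right to left. The right-most entry is the one our own
    # proxy added; entries further left were supplied by the client side
    # and are only reached if the hop to their right is also ours.
    candidate = peer
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            break  # malformed entry: trust nothing to the left of it
        candidate = hop
        if not _is_trusted(hop):
            break  # first address that is not ours is the real client
    return str(candidate)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For value)
    samples = [
        ("10.10.20.5", "192.168.1.50"),           # via load balancer
        ("10.10.20.5", "1.2.3.4, 192.168.1.50"),  # client forged a prefix
        ("192.168.1.77", "8.8.8.8"),              # bypassed the load balancer
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```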