Forum Discussion

ADC18's avatar
ADC18
Icon for Nimbostratus rankNimbostratus
Aug 23, 2018

SNAT=None client source IP is self IP

I am trying to setup non-HTTP vServer. End server needs to see client source IP. After disabling SNAT ( SNAT=NONE), I am getting source IP as Self IP. End server GW is pointing to Self-IP. Why source IP is Self IP when SNAT is set to none.

 

application delivery
BIG-IP
LTM
  • Martin_Šebek_58's avatar
    Martin_Šebek_58
    Icon for Nimbostratus rankNimbostratus
    Aug 23, 2018

    Where do you see a self ip as a source? If SNAT is not set the only traffic sourcing from self ip should be monitors testing availability of the nodes (backend servers).

     

    • ADC18's avatar
      ADC18
      Icon for Nimbostratus rankNimbostratus
      Aug 23, 2018

      This was my vserver config ( created http vserver to test) - (Active)(tmos) list ltm virtual mo_test_80-vs ltm virtual mo_test_80-vs { destination 10.4x.x.2:http ip-protocol tcp mask 255.255.255.255 persist { motTest { default yes } } pool mo_test-80 profiles { fasthttp { } } snatpool Default-SNAT }

       

      Changed to ltm virtual mo_test_80-vs { destination 10.x.x2:http ip-protocol tcp mask 255.255.255.255 persist { motTest { default yes } } pool mo_test-80 profiles { fasthttp { } } }

       

      I am getting source IP as per default-SNAT. I have changed monitor interval to 1000 second so it is not monitor traffic.

       

    • Martin_Šebek_58's avatar
      Martin_Šebek_58
      Icon for Nimbostratus rankNimbostratus
      Aug 23, 2018

      Ok. In this case I would use tcpdump to sniff through the traffic and see what is going on. Regarding the configuration you posted. It looks somewhat strange as I would expect snatpool definition within source-address-translation.

       

      What version are you running?

       

    • Austin_Geraci's avatar
      Austin_Geraci
      Icon for MVP rankMVP
      Aug 23, 2018

      It's tough to chase problems with old code - 10.2.4 is from 2012... What's the issue with upgrading? unsupported hardware? or environment restrictions?

       

      Have you tried deleting all current connections? to/from the VIP in question and testing again? If not, that may be it.

       

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Aug 24, 2018

    Hi ADC,

     

    I think you probably have to create a NAT, can you check in:

     

    • Local Traffic ›› Address Translation : NAT List ›› New NAT...

    And told me if you set up a NAT for specific Origin Address.

     

    How you constate that snat don't work? so if my first suposition is not right can you validate that Request that is comming to the node with self IP is not a monitoring request?

     

    regards

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Aug 24, 2018

    Hi,

     

    Is there any SNAT (not SNAT POOL) with source IP 0.0.0.0/0 and with automap?

     

    If there is such object, it will enable automap even if the virtual server is not configured with SNAT POOL!