ssh virtualserver

On the Virtual server x.x.x.42:22 do you have SNAT: Automap setting turned on?

 

 

CB

Yes..."SNAT Pool:" is set to "Auto Map".

 

 

Thanks,

That is the source of why you see the same source address. Setting SNAT Pool to AutoMap is going to change the source ip address of the egress interface of the F5, which is what is happening in your situation. Is there any reason why you need SNAT set to Auto map?

 

 

Either way...I've set "SNAP Pool" to "None", and to "Auto Map", and the outcome is the same. I'm still seeing the F5's IP, and not my IP when sshing through.

 

 

Thanks for the help,

Do you have an irule that's snatting?

Nope, there are no iRules for this virtualserver. If it makes anything clearer....I have the same setup of virtualservers->pools for my webservers, and currently I need to rely on the X-FORWARDED-FOR header to get my webserver logs to be correct. Other services however don't have http headers....

As cmbhatt was suggesting, there are a few different places that SNAT can be enabled/disabled. You could have an iRule specifying SNAT; SNAT enabled on the virtual server, or a global SNAT. Finally, you can have SNAT enabled/disabled at the pool level. Having SNAT enabled on the pool alone won't trigger SNAT'ing to take place. It must be enabled in another place as well. But you can prevent SNAT from being using for traffic to a specific pool by disabling it on the pool.

 

 

If you've already disabled the first two, and still see the source address as LTM, you can check under Local Traffic >> SNATs >> SNAT list for a globally applied SNAT.

 

 

Assuming there is a global SNAT, you could either change it to not match this traffic or more ideally, disable SNAT on the SSH pool.

 

 

Aaron

Ah....thanks a lot! I didn't check the global SNAT declarations, but I'm going to assume this is the case, as I "disallow SNAT"'d on the pool's advance options, and this seems to have done it! Thank you very much, both cmbhatt and hoolio!