Forum Discussion
Arun_102398
Nimbostratus
Nimbostratussubnet access to a proxy
We have a seperate LB in our environment to load balance proxies on our network.
So, as part of it. we would like to restrct a prticuar subnet to access a seperate proxy IP which is under a pool.So, we created an iRule. But, it did not give desired reqult. Below are the details of rule:
Ex Internal subnet: 172.16.25.x
Ex Proxy IP: 216.64.12.215
data grroup: poc_proxy_test which has the internal subnet.
iRule as created.
------------------
when CLIENT_ACCEPTED { if { [matchclass [IP::client_addr] equals $::poc_proxy_test] } {
IronPort Address
node 216.64.12.215[TCP::server_port] }
}
Michael_YatesWhat were the unexpected results / behavior that you are trying to work around?
I'm guessing Port Translation?
I think that your problem is that your trying to specify a connection to the server using [TCP::server_port]. Your trying to retrieve the port number to a node that you haven't established a connection with yet.
[TCP::server_port] = The serverside part of the LTM<->server connection.
I think that you should try changing it to use [TCP::client_port]. This would take the incoming connection port from the user (80, 443, etc) and send the traffic to the destination IP Address using that port.
[TCP::client_port] = The clientside part of the client<->LTM connection.
Another shortcut to that is to specify Port 0, which is the LTM's default 1 to 1 mapping for ports.when CLIENT_ACCEPTED { if { [matchclass [IP::client_addr] equals $::poc_proxy_test] } { IronPort Address node 216.64.12.215 0 } }
Arun_102398hi mich,
I shall trya nd update asap.