For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Arun_102398's avatar
Arun_102398
Icon for Nimbostratus rankNimbostratus
Jun 02, 2010

subnet access to a proxy

We have a seperate LB in our environment to load balance proxies on our network.   So, as part of it. we would like to restrct a prticuar subnet to access a seperate proxy IP which is under a poo...
application delivery
dev
devops
iRules
Michael_Yates's avatar
Michael_Yates
Icon for Nimbostratus rankNimbostratus
Jun 03, 2010
What were the unexpected results / behavior that you are trying to work around?

I'm guessing Port Translation?

I think that your problem is that your trying to specify a connection to the server using [TCP::server_port]. Your trying to retrieve the port number to a node that you haven't established a connection with yet.

[TCP::server_port] = The serverside part of the LTM<->server connection.

I think that you should try changing it to use [TCP::client_port]. This would take the incoming connection port from the user (80, 443, etc) and send the traffic to the destination IP Address using that port.

[TCP::client_port] = The clientside part of the client<->LTM connection.

Another shortcut to that is to specify Port 0, which is the LTM's default 1 to 1 mapping for ports. 

 
when CLIENT_ACCEPTED { 
if { [matchclass [IP::client_addr] equals $::poc_proxy_test] } {
 IronPort Address
node 216.64.12.215 0
}
 }