Forum Discussion

jwlarger's avatar
jwlarger
Icon for Cirrus rankCirrus
Oct 03, 2019

Test access sourcing from float

To test firewall rules we telnet to the pool member's service port, which proves access for the self IPs, but not for the float. Anyone know how to source from the float?

devops
Floating Self
LTM
telnet
telnet source float
  • Andrew-F5's avatar
    Andrew-F5
    Oct 14, 2019
    # telnet -b floating_self_ip destination_ip
    -b hostalias
        Uses bind(2) on the local socket to bind it to an aliased address (see ifconfig(8) and the ``alias'' 
        specifier) or to the address of another interface than the one naturally chosen by connect(2).  This 
        can be useful when connecting to services which use IP addresses for authentication and 
        reconfiguration of the server is undesirable (or impossible).

    Be aware of route domains; https://devcentral.f5.com/s/question/0D51T00006i7apM/telnet-to-server-from-f5

  • Andrew-F5's avatar
    Andrew-F5
    Icon for Employee rankEmployee
    Oct 14, 2019
    # telnet -b floating_self_ip destination_ip
    -b hostalias
        Uses bind(2) on the local socket to bind it to an aliased address (see ifconfig(8) and the ``alias'' 
        specifier) or to the address of another interface than the one naturally chosen by connect(2).  This 
        can be useful when connecting to services which use IP addresses for authentication and 
        reconfiguration of the server is undesirable (or impossible).

    Be aware of route domains; https://devcentral.f5.com/s/question/0D51T00006i7apM/telnet-to-server-from-f5

  • jwlarger's avatar
    jwlarger
    Icon for Cirrus rankCirrus
    Oct 18, 2019

    Tested today with no joy. v11.6.3, only one route-domain (0). Selecting the floating self IP results in:

    Cannot assign requested address

    No connection.

    Escape character is '^]'.

    SetSockOpt: Bad file descriptor

    • Andrew-F5's avatar
      Andrew-F5
      Icon for Employee rankEmployee
      Oct 18, 2019

      Do an 'ifconfig' at bash then look for the vlan name for that floating IP or look for the IP itself.

       

      • Andrew-F5's avatar
        Andrew-F5
        Icon for Employee rankEmployee
        Oct 18, 2019

        It appears that we associate the non-floating self-ip to the VLAN despite the floating *also* using the same vlan.

         

        The linux subsystem references TMM's VLANs as physical interfaces, non-floating IPs are assigned to the VLAN as you'll notice with "ifconfig".

  • jwlarger's avatar
    jwlarger
    Icon for Cirrus rankCirrus
    Oct 18, 2019

    Tried both in tmos and bash on the original ltm from the start. Just tried again with another ltm with only one vlan & float. Same error 'cannot assign'.