Forum Discussion
jwlarger
Cirrus
CirrusTest access sourcing from float
To test firewall rules we telnet to the pool member's service port, which proves access for the self IPs, but not for the float. Anyone know how to source from the float?
# telnet -b floating_self_ip destination_ip-b hostalias Uses bind(2) on the local socket to bind it to an aliased address (see ifconfig(8) and the ``alias'' specifier) or to the address of another interface than the one naturally chosen by connect(2). This can be useful when connecting to services which use IP addresses for authentication and reconfiguration of the server is undesirable (or impossible).Be aware of route domains; https://devcentral.f5.com/s/question/0D51T00006i7apM/telnet-to-server-from-f5.
jwlargerTried both in tmos and bash on the original ltm from the start. Just tried again with another ltm with only one vlan & float. Same error 'cannot assign'.
- jwlarger
Tested today with no joy. v11.6.3, only one route-domain (0). Selecting the floating self IP results in:
Cannot assign requested address
No connection.
Escape character is '^]'.
SetSockOpt: Bad file descriptor
- Lidev
MVP
same result on v13.1, I'm going to end up believing that there's no way to test flows from floating IP 😳 (nc -s give the same bind failed).
Any others solutions ? @Andrew C. - F5 Support Engineer
- Lidev
same issue 😕
#tmsh
# telnet -b 10.xx.xx.xx yy.yy.2.2 443
Trying yy.yy.2.2...
Couldn't bind to 10.xx.xx.xx
it works with selfip but not with floating selfip
Andrew-F5Employee
Do an 'ifconfig' at bash then look for the vlan name for that floating IP or look for the IP itself.
- jwlarger
Thanks!
- Andrew-F5
# telnet -b floating_self_ip destination_ip-b hostalias Uses bind(2) on the local socket to bind it to an aliased address (see ifconfig(8) and the ``alias'' specifier) or to the address of another interface than the one naturally chosen by connect(2). This can be useful when connecting to services which use IP addresses for authentication and reconfiguration of the server is undesirable (or impossible).Be aware of route domains; https://devcentral.f5.com/s/question/0D51T00006i7apM/telnet-to-server-from-f5.
