Forum Discussion
Mar 21, 2022
Hi MKuma ,
Without removing SNAT, as far as I know you are left two potential options.
- nPath aka Direct Server Return. This allows the server to see the real IP and respond directly to the client via its default gateway: https://support.f5.com/csp/article/K11116
or https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/configuring-layer-3-npath-routing.html - or the PROXY protocol, which injects information via a header such as source ip, destination ip, port, and maybe more. F5 doesn't support the PROXY protocol natively, so you would need to use iRules: https://support.f5.com/csp/article/K40512493 Support will vary greatly among SMTP servers, unfortunately.
That said, removing the need for SNAT is the best way to get the true IP into the SMTP server, but of course it might mean you need to rearchitect how your mail servers connect to the F5.
Thanks,
Josh
- MKumaMar 25, 2022Nimbostratus
Thanks Josh!