Forum Discussion
Jimmy_124170
Nimbostratus
NimbostratusVirtual Server working on port 443 but not 80
Hello all, Hope dans you can help me on this one. I have a working virtual server on port 443. Recently we were asked to put the virtual server on port 80. But once on port 80, the sever is not reachable anymore.
I did a tmsh list net self-allow and saw that the service http was not enabled. I enabled it but i still have the same problem... What am i missing ?
BTW, sorry for my english as i'm a french canadian !
Platform ID Z100 Platform Name BIG-IP Virtual Edition Software Version BIG-IP v11.3.0 (Build 2806.0)
If you could run a tcpdump on the virtual server's IP address when attempting a connection and capture it to a file, we could take a look and see if the problem shows in the capture.
tcpdump -nni 0.0 host 10.254.99.147 -s 1500 -w /var/tmp/capture.pcap
What_Lies_Bene1Cirrostratus
The 'net self-allow' relates to the Port Lockdown feature which only applies to management traffic destined for the F5, not LTM objects such as a Virtual Server. Can you provide more information on the VS configuration please?
Cory_50405Noctilucent
Did the destination server (pool member) change from 443 to 80 as well? If so, you'll need to update the pool member along with the virtual server.
Jimmy_124170no the destination server did not change as well.- Cory_50405Can you grab the config snippets of your virtual server and pool and paste here? tmsh list ltm virtual tmsh list ltm pool
- Jimmy_124170Here it is: tmsh list ltm virtual SMI-vs ltm virtual SMI-vs { description "Virtual Server pour accès via SMI" destination 10.254.99.147:http ip-protocol tcp mask 255.255.255.255 pool apg_pool profiles { Access-SMI { } OGR-Self { context serverside } SMI-cp { context clientside } client-ogr-self { context clientside } http { } ppp { } rba { } rewrite { } rewriteplugin { } tcp { } websso { } } rules { ogr_deny_ips } source 0.0.0.0/0 source-address-translation { type automap } vlans-disabled } tmsh list ltm pool apg_pool ltm pool apg_pool { members { 172.30.2.25:tproxy { address 10.148.200.131 session monitor-enabled state up } } monitor tcp }
- Jimmy_124170
Hope this one is good... tmsh list ltm virtual SMI-vs ltm virtual SMI-vs { description "Virtual Server pour accès via SMI" destination 10.254.99.147:http ip-protocol tcp mask 255.255.255.255 pool apg_pool profiles { Access-SMI { } OGR-Self { context serverside } SMI-cp { context clientside } client-ogr-self { context clientside } http { } ppp { } rba { } rewrite { } rewriteplugin { } tcp { } websso { } } rules { ogr_deny_ips } source 0.0.0.0/0 source-address-translation { type automap } vlans-disabled } tmsh list ltm pool apg_pool ltm pool apg_pool { members { 172.30.2.25:tproxy { address 172.30.2.25 session monitor-enabled state up } } monitor tcp }- Cory_50405If the only thing you changed was the port on your virtual server (443 to 80), then it could be your ogr_deny_ips rule.
- Jimmy_124170my bad. I should have mentioned that this rule is "empty". It's a test that have been done. I removed it anyway and retried and nothing has changed...
- What_Lies_Bene1Thank you. Can you please let us know what profile types are, it's hard to tell from the names.
- Cory_50405
If you could run a tcpdump on the virtual server's IP address when attempting a connection and capture it to a file, we could take a look and see if the problem shows in the capture.
tcpdump -nni 0.0 host 10.254.99.147 -s 1500 -w /var/tmp/capture.pcap
- Jimmy_124170
Thank you very much guys. Looks like my problem was with the profiles (SSL profiles) still "on". I can now reach my webtop.
- What_Lies_Bene1
You're welcome. I suspected as much.