Forum Discussion
NimbostratusWant to create a Irule in BIG-IP 11.5.1 Build 10.0.180 Hotfix HF10
We need to create irule to allow if clients connects on port 21, 23, 443, 990 it has to go different pool, Example pool name: tcp port 21 has to go for the pool Globalscape-HA-servers-SSH-pool
Globalscape-HA-servers-Telnet-pool
Globalscape-HA-servers-SSL-pool
Globalscape-HA-servers-990-pool
Note: We have applied the irule in BIG-IP 12.1.3.4 its working but its not working in 11.5
Created Rule in 12.1.3.4.
when CLIENT_ACCEPTED { if {[TCP::remote_port] == 21} { pool Globalscape-HA-servers-SSH-pool } elseif {[TCP::remote_port] == 23} { pool Globalscape-HA-servers-Telnet-pool } elseif {[TCP::remote_port] == 990} { pool Globalscape-HA-servers-990-pool } elseif {[TCP::remote_port] == 443} { pool Globalscape-HA-servers-SSL-pool } else { discard } }
2 Replies
rob_carrCirrocumulus
Reformatting your rule for readability:
when CLIENT_ACCEPTED { if {[TCP::remote_port] == 21} { pool Globalscape-HA-servers-SSH-pool } elseif {[TCP::remote_port] == 23} { pool Globalscape-HA-servers-Telnet-pool } elseif {[TCP::remote_port] == 990} { pool Globalscape-HA-servers-990-pool } elseif {[TCP::remote_port] == 443} { pool Globalscape-HA-servers-SSL-pool } else { discard } }Are you sure this is working in v12?
I ask because in the clientside contex, TCP::remote_port returns the client's source port, while the logic of your rule is interested in the client's destination port.
I suggest rewriting this rule with TCP::local_port, then testing to see if you are getting the desired outcome.
You might also want to look into replacing your if/else construct with the switch construct, for efficiency sake.
Stanislas_Piro2Cumulonimbus
There are 2 better solutions:
- create one virtual server for each port... 4 VS is not so hard to create and let you manage configuration based on port
- create a LTM policy... easier than irule (not sure you can use port condition in version 11.5)
Rob already explained why your code don’t work!
