Forum Discussion
Wildcard Virtual Server IP Forwarding
I can see an SMTP request from the DMZ SMTP server to another server hit the F5 on the DMZ vlan interface by doing a tcpdump. I don't see it exit the box on the other vlan interface that faces the internet firewall.
If the route is there, you should see the egress packet. If you want, you can try a wildcard performance layer 4 virtual server (instead of a wildcard IP forwarding virtual server) and use the gateway (192.168.120.254%1:any) as a pool.
When you did not see the packet go out, did you see a reset? If yes, you may try to log the reset cause.
sol13223: Configuring the BIG-IP system to log TCP RST packets
https://support.f5.com/kb/en-us/solutions/public/13000/200/sol13223.html
- flicky2000_1616 (Nimbostratus), Jun 05, 2015: No RST seen. This is the tcpdump from the DMZ vlan on the F5:
- flicky2000_1616 (Nimbostratus), Jun 05, 2015: [me@f5:Standby:Changes Pending] ~ tcpdump -nn -i DMZ-VLAN | grep 10.198.7.122
- flicky2000_1616 (Nimbostratus), Jun 05, 2015: For some reason it won't let me post the tcpdump output to DevCentral - keeps saying it's spam! Needless to say it's just SYN packets. Running the same trace on the internet firewall facing vlan - I see nothing. One thing to note but I don't think it matters - this is a cluster. Traffic groups with floating live traffic on rd0 are on the active box. This testing is being done on the standby box (but standby would only mean for floating traffic groups?). The default gateway for the DMZ FTP server is the non-floating self IP on the standby box. In fact there are no floating objects yet associated with rd1. NB. out of working hours I have also failed the floating traffic groups for the live traffic on rd0 over so the standby says Active. Just to see if that made any difference (I didn't think it would) - it didn't.