Configure the F5 BIG-IP as an Explicit Forward Web Proxy Using LTM
, can you validate that when you do a tcpdump, you see queries sent and received on the IP you have configured in your DNS resolver? I too was getting DNS failures in my browser when I just set this up again in my own environment, which led me to believe I did not have a route configured for my queries and external connections to use. I have a very basic configuration, and when I did an "ip route get 8.8.8.8" it was attempting to use my mgmt IP. That of course is not going to work, so I configured a default route for my BIG-IP to use a gateway that had access to the outside world. Using ip route get and tcpdump, can you validate your connections are being attempted using your external self IP? If you do not have an external self IP configured, that needs to be done first. I will be updating this article to reflect these troubleshooting steps as well. Let me know.
[root@ip-10-1-1-4:Active:Standalone] log # ip route get 8.8.8.8
8.8.8.8 via 10.1.10.1 dev External src 10.1.10.240
cache
[root@ip-10-1-1-4:Active:Standalone] log #
[root@ip-10-1-1-4:Active:Standalone] log # tcpdump -ni 0.0 host 8.8.8.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:15:32.240515 IP 10.1.10.240.31374 > 8.8.8.8.domain: 55472+ [1au] A? e13678.DSPb.akAmAIEDgE.neT. (55) out slot1/tmm1 lis=
17:15:32.266805 IP 8.8.8.8.domain > 10.1.10.240.31374: 55472 1/0/1 A 23.64.48.164 (71) in slot1/tmm1 lis=
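The two checks described in the comment above (egress route and answered DNS queries) can be scripted. This is an added example, not part of the original comment or of F5's tooling. The function names, the management device name `mgmt`, and the sample inputs are assumptions constructed for illustration.

```bash
# route_field KEY ROUTE_OUTPUT: print the token that follows KEY (dev, src, via).
route_field() {
    printf '%s\n' "$2" | awk -v k="$1" '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# check_egress ROUTE_OUTPUT EXPECTED_SELF_IP [MGMT_DEV]
# Returns 0 only when traffic leaves a non-management device from the expected self IP.
check_egress() {
    local dev src mgmt
    dev=$(route_field dev "$1")
    src=$(route_field src "$1")
    mgmt="${3:-mgmt}"   # assumed name of the management interface
    if [ -z "$dev" ] || [ -z "$src" ]; then echo "no usable route"; return 2; fi
    if [ "$dev" = "$mgmt" ]; then echo "egress via management interface ($dev)"; return 1; fi
    if [ "$src" != "$2" ]; then echo "source $src is not self IP $2"; return 1; fi
    echo "ok: dev=$dev src=$src"
}

# unanswered_queries SELF_IP RESOLVER < "tcpdump -n" output
# Prints the IDs of DNS queries sent to RESOLVER that got no reply in the capture.
unanswered_queries() {
    awk -v self="$1" -v res="$2" '
        $2 == "IP" {
            id = $6; sub(/[+%*-]+$/, "", id)   # drop flag characters after the query ID
            if (index($3, self ".") == 1 && index($5, res ".") == 1) sent[id] = 1
            else if (index($3, res ".") == 1 && index($5, self ".") == 1) delete sent[id]
        }
        END { for (id in sent) print id }'
}

# Constructed samples modelled on the output shown in the comment.
GOOD_ROUTE='8.8.8.8 via 10.1.10.1 dev External src 10.1.10.240'
BAD_ROUTE='8.8.8.8 via 10.1.1.1 dev mgmt src 10.1.1.4'
CAPTURE='17:15:32.240515 IP 10.1.10.240.31374 > 8.8.8.8.domain: 55472+ [1au] A? example.test. (41)
17:15:32.266805 IP 8.8.8.8.domain > 10.1.10.240.31374: 55472 1/0/1 A 192.0.2.10 (57)
17:15:33.100000 IP 10.1.10.240.31375 > 8.8.8.8.domain: 1234+ [1au] A? example.test. (41)'

check_egress "$GOOD_ROUTE" 10.1.10.240
check_egress "$BAD_ROUTE" 10.1.10.240 || true
printf '%s\n' "$CAPTURE" | unanswered_queries 10.1.10.240 8.8.8.8
```

On a live system, pass `"$(ip route get 8.8.8.8)"` as the first argument to `check_egress` and pipe `tcpdump -ni 0.0 host 8.8.8.8` output into `unanswered_queries`.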