portoalegre
Mar 15, 2021

Connection refused from telnet self source IP address

Hi, currently we have a problem where some servers sitting south of the load balancer are unable to connect to hosts outside the load balancing network on port 4443 and SSH, for example.

I'm unable to get hold of my server team at the moment, so I tried to telnet myself directly from the F5 using the following:

f5# telnet destination_ip port_443 = successful connection!
f5# telnet destination_ip port_22 = successful connection!

Next I tried from the subnet where the servers are trying to make a connection to the outside hosts on port 443, directly from the F5:

telnet -b self_source_ip (f5) destination_ip port_443 = failed, connection refused

I have a packet capture and I see:

F5 > Outside host = SYN
Outside host > F5 = SYN, ACK
F5 > Outside host = RST, ACK

Why is the F5 sending a reset packet back to the host after the host replied? Specifically from the Self IP address where the servers sit that cannot connect to the outside hosts on port 443. The Self IP configuration has no port lockdown, "Allow all".

Are you able to telnet from the Self IP address? If I try another outside host on another subnet entirely I get the same result!

There is one thing I should let you know: at the moment I'm doing a migration where this particular outside subnet is moving onto the F5, so about 4 of those outside hosts have moved to the F5. So I have a subnet on the F5 for the outside hosted subnet and created a forwarding IP rule inbound and outbound for this subnet to allow any source to connect to the 4 migrated hosts, all protocols open. These particular 4 migrated hosts are using the F5 as the default gateway, whilst the hosts that haven't migrated and sit on the internal network are using the switch SVI for the default gateway.
