cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Need original client IP on SMTP VIP

F5SJ_
Altocumulus
Altocumulus

We have one VIp on port 25 in which we want to allow origin client ip. We asked server team to change the default route that will point to floating self ip of the VIP, that didn't work.

 

I configured http profile on the VIP and enabled x-forwarder that didn't work too. Kindly provide some solution to fix the problem.

 

VIP config:

 

ltm virtual xxxx {

  description xxxx

  destination x.x.x.x%RD:smtp

  ip-protocol tcp

  mask xxxx

  partition xxxx

  persist {

    /Common/source_addr {

      default yes

    }

  }

  pool xxxx

  profiles {

    /Common/tcp { }

  }

  source 0.0.0.0/0

  source-address-translation {

    type automap

  }

  translate-address enabled

  translate-port enabled

  }

2 REPLIES 2

F5SJ_
Altocumulus
Altocumulus

I searched some docs in devcentral and prepared one irule.

 

when CLIENT_ACCEPTED {

  set c-addr [IP::client_addr]

  log local0. "Client addr: $c-addr"

  STREAM::expression {@^EHLO.*@@ @^HELO.*@@}

  STREAM::enable

}

 

when STREAM_MATCHED {

  set mstring [STREAM::match]

  log local0. "STREAM_MATCHED: string: $mstring"

  set replacment [string range $mstring 0 1]

  append replacment "LO $c-addr\r\n"

  log local0. "STREAM_MATCHED: replacement string: $replacement"

  STREAM::replace $replacment

  event STREAM_MATCHED disable

}

 

when SERVER_CONNECTED {

  STREAM::disable

}

 

 

Will that work?

F5SJ_
Altocumulus
Altocumulus

Can someone pls update me on this..