11-Mar-2021 11:21
Hi,
Is there a way to preserve the original source IP of traffic passing through an LTM Virtual server? We have enabled the Insert X-Forwarded-For option in the HTTP profile, and while this works for web traffic, we have other traffic hitting the virtual servers that is outside of web traffic and need a way to preserve the source IP for incident handling purposes.
Thanks
16-Mar-2021 21:22
Obviously other protocols don't have "X-Forwarded-For", so the only way to preserve the source IP is to actually preserve the source IP: turn off SNAT in the Virtual Server so that the source address is not translated.
This is a "routed" configuration, rather than a "SNAT" configuration, and means the backend server will see the connection as from the real client IP.
As you can see this is quite a different design. For more information see About Virtual Servers in the BIG-IP Local Traffic Management: Basics manual.
22-Mar-2021 09:38
For SMTP there is a possible solution, as it is similar to HTTP in that it also has headers:
https://devcentral.f5.com/s/question/0D51T00006i7N6U/adding-xheader-to-smtp
For DNS there is the EDNS Client Subnet:
https://devcentral.f5.com/s/articles/using-client-subnet-in-dns-requests-31948
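
For the DNS case mentioned above, a backend can recover the client subnet from the EDNS Client Subnet option (option code 8 inside the OPT record, RFC 7871) and log it for incident handling. The parser below is an added example, not part of the original thread; the function names and the sample query are constructed for illustration.

```python
import ipaddress
import struct

FAMILIES = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}

def _skip_name(msg, off):
    """Return the offset just past a DNS name (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def client_subnet(msg):
    """Return the EDNS Client Subnet of a DNS message as a network, or None."""
    try:
        _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4             # skip QTYPE and QCLASS
        for _ in range(an + ns + ar):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            rdata = msg[off + 10:off + 10 + rdlen]
            off += 10 + rdlen
            pos = 0
            while rtype == 41 and pos + 4 <= len(rdata):   # 41 = OPT pseudo-record
                code, olen = struct.unpack_from("!HH", rdata, pos)
                opt = rdata[pos + 4:pos + 4 + olen]
                pos += 4 + olen
                if code != 8:                              # 8 = edns-client-subnet
                    continue
                family, src_len, _scope = struct.unpack_from("!HBB", opt)
                net_cls, size = FAMILIES[family]
                addr = opt[4:].ljust(size, b"\0")[:size]   # address is sent truncated
                return net_cls((addr, src_len), strict=False)
    except (IndexError, KeyError, ValueError, struct.error):
        pass                                           # truncated or malformed message
    return None

def sample_query():
    """Constructed query: example.com A, with ECS 203.0.113.0/24 (documentation range)."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    ecs = struct.pack("!HHHBB", 8, 7, 1, 24, 0) + bytes([203, 0, 113])
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(ecs)) + ecs
    return header + question + opt
```

The option carries a prefix rather than a full host address, so the logged value identifies the client's subnet, not the individual client.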