I would like to be able to load balance SMTP servers with LTM, and have the SMTP servers see the original IP address of the sender.
We have already changed the default gateway of the SMTP servers to the floating IP of the F5 units. I have SNAT Pool set to None, and Address Translation and Port Translation enabled.
When I connect with telnet to port 25 on the virtual server, the connection is quickly closed before I can even finish HELO.
Can someone share implementation details?
I'd guess the SMTP server is closing the connection before you have a chance to send any data. You can get around this issue by using netcat from the LTM command line:
echo "my smtp commands" | nc VIP_IP VIP_PORT
Also, clients on the same subnet as the SMTP servers would not work as the SMTP servers would respond back directly to the clients--not to LTM.
My test servers were actually connected to an old Cisco load balancer. Even though we changed the default route on the server, the Cisco sent the responses back to the firewall instead of the F5.
I also created a forwarding IP virtual server so we could access the real server.
Where do you want to see the original client IP address that you're not? Is it on LTM that you want to use the client IP for persisting? Or is it on the RDP servers that you want to see the client IP address? If so, are you using SNAT or some other method to translate the source IP address on connections from LTM to the pool?
I am trying to make it visible on the RDP servers. I am using SNAT right now. I want to know if there are any other implementations that would let me achieve RDP server balancing with client IPs visible on the RDP real servers!
I don't think there is any mechanism within RDP to pass the original client IP address to the server. If the clients and servers are not on the same network and you can change the servers' default gateway to LTM's self IP on their network, you could remove the SNAT from the VIP and have LTM use the client's IP address to establish the serverside connection.
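The return-path condition described in the replies above (no SNAT only works when the server's reply to the client is routed back through LTM), as an added example that is not part of any post in this thread. It models a server's routing table with longest-prefix matching; the addresses, the route tables and the function names are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs.
    A gateway of None means the network is directly connected."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return "unreachable"
    return best[1] or "direct"

def return_path_ok(routes, client_ip, ltm_ip):
    """True when the server hands its reply for client_ip to LTM,
    so LTM can translate the source back to the virtual server address."""
    return next_hop(routes, client_ip) == ltm_ip

def audit(routes, clients, ltm_ip):
    """Map each client IP to whether a no-SNAT connection can complete."""
    return {c: return_path_ok(routes, c, ltm_ip) for c in clients}

# Constructed sample data (assumptions, not values from the thread).
LTM = "10.0.20.1"                      # LTM floating self IP on the server VLAN
GOOD_ROUTES = [("10.0.20.0/24", None), ("0.0.0.0/0", LTM)]
STALE_ROUTES = [("10.0.20.0/24", None), ("0.0.0.0/0", "10.0.20.254")]  # old gateway
CLIENTS = ["203.0.113.7", "10.0.20.55"]  # remote client, same-subnet client

if __name__ == "__main__":
    for name, routes in (("good", GOOD_ROUTES), ("stale", STALE_ROUTES)):
        for client, ok in audit(routes, CLIENTS, LTM).items():
            hop = next_hop(routes, client)
            state = "via LTM" if ok else "bypasses LTM (client sees reply from server IP)"
            print(f"{name:5} {client:12} next hop {hop:12} {state}")
```

A client that fails this check needs SNAT (or a route change) for its connections, because the reply arrives from the pool member's address rather than the virtual server's and the client discards it.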
I'm facing some similar problems with this "simple" type of configuration.
I have a VServer with public IP, Performance (http) type, with a pool with 1 server (private IP). No SNAT configured, so I guess I should see the client IP address when someone "hits" the VServer.
The server has a way to see the client IP address and is always showing the F5 self IP of the internal VLAN.
Physically, I have the following scenario:
[Router] --- [F5] ---- [FW] ---- [Server]
[Router] - [F5] -- Public IP
[F5] - [FW] - Private IP (routed zone) 192.168.250.0/24
[FW] - [Server] - Private IP (DMZ) 10.100.149.0/24
If I have no SNAT configured in the VServer, why is the packet arriving on the server with the source IP of the self IP address of the F5 internal VLAN?
What I was hoping for was to see the real client IPs on my web servers for various purposes (statistics, control, security, etc.).
One of the ways the Perf HTTP profile improves performance is by performing source address translation and using OneConnect. If you need to preserve the original client IP address you could change to a standard HTTP profile and add a custom OneConnect profile with a 255.255.255.255 source mask. For details on the performance HTTP profile, try searching on AskF5.com. If you can't find relevant solutions, let me know.
Is there a way of getting this to work within a single VLAN, or do I need to have my Virtual Server in one VLAN and my server Pool and SNAT in a different VLAN? I would be grateful for any light on what I might be missing.
I read the full conversation. I have a configuration similar to the customer's, but unfortunately it has SMTP load balancing with SNAT enabled. The customer has other services configured in this way as well, but for this particular SMTP VS they would like the SMTP real servers to see the original IP address, I think for logging purposes.
Is it possible to add to the Virtual Server configuration something similar to "X-Forwarded-For", but only for SMTP?
It's up to the software (i.e. the SMTP server) to pull that info though and use it.
I have a similar requirement. Can you please help me with the solution?
Requirement: We have SMTP servers which are load balanced via F5 LTM, and we want to see the client IP address instead of the SNAT address.
A new question is probably a better way to go; this one has different questions mixed together.
You might be able to stop using Source Address translation and get the real IP. But that depends on your network setup. Can you come up with a network diagram?
Beyond that there are no real options. Someone suggests the TCP options, but that is a long shot. What is your SMTP server brand / vendor?