Forum Discussion
nitass
Feb 10, 2013Employee
have you tried tcpdump on bigip?
e.g.
[root@ve10:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.19.252:80
ip protocol 6
rules myrule
profiles {
http {}
tcp {}
}
}
[root@ve10:Active] config b pool foo list
pool foo {
members 200.200.200.101:80 {}
}
[root@ve10:Active] config b rule myrule list
rule myrule {
when CLIENT_ACCEPTED {
set client_src_ip_v0 [ IP::remote_addr ]
}
when HTTP_REQUEST {
HTTP::header insert CLT_SRC_IP_v0 $client_src_ip_v0
HTTP::header insert CLT_SRC_IP_v1 [IP::remote_addr]
HTTP::header insert lws CLT_SRC_IP_v2 [IP::remote_addr]
HTTP::header insert X-Forwarded-For [IP::remote_addr]
HTTP::header insert_modssl_fields addr addr addr
log local0. "X-Forward IP: [HTTP::header values "X-Forwarded-For"]"
log local0. "Client IP: [IP::remote_addr]"
}
}
tcpdump
[root@ve10:Active] config ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.19.251(48890) <-> 172.28.19.252(80)
1360482736.7723 (0.0011) C>S
---------------------------------------------------------------
GET /something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.252
Accept: */*
---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(48890) <-> 200.200.200.101(80)
1360482736.7743 (0.0010) C>S
---------------------------------------------------------------
GET /something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.252
Accept: */*
CLT_SRC_IP_v0: 172.28.19.251
CLT_SRC_IP_v1: 172.28.19.251
CLT_SRC_IP_v2: 172.28.19.251
X-Forwarded-For: 172.28.19.251
ClientIPAddress: 172.28.19.251
---------------------------------------------------------------
/var/log/ltm
[root@ve10:Active] config tail -f /var/log/ltm
Feb 10 15:51:51 local/tmm notice tmm[4884]: 013e0001:5: Tcpdump starting bcast on :::0 from 127.1.1.1:42237
Feb 10 15:52:16 local/tmm info tmm[4884]: Rule myrule : X-Forward IP: 172.28.19.251
Feb 10 15:52:16 local/tmm info tmm[4884]: Rule myrule : Client IP: 172.28.19.251
Feb 10 15:52:19 local/tmm notice tmm[4884]: 013e0002:5: Tcpdump stopping on 127.1.1.2:34967 from 127.1.1.1:42237