Forum Discussion
nitass
Feb 27, 2013Employee
you may check source port. bigip tries to use the same source port on server-side. irule logging is also usable.
e.g.
[root@ve10:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.19.252:22
ip protocol 6
rules myrule
}
[root@ve10:Active] config b pool foo list
pool foo {
members 200.200.200.101:22 {}
}
[root@ve10:Active] config b self 200.200.200.10 list
self 200.200.200.10 {
netmask 255.255.255.0
vlan internal
allow default
}
(1) - (3) is client-side connection and (4) - (6) is server-side connection
[root@ve10:Active] config tcpdump -nni 0.0 -s0 port 22 and not host 192.168.206.75
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
(1) 22:07:04.047446 IP 172.28.20.120.46154 > 172.28.19.252.22: S 2301043389:2301043389(0) win 14600 in slot1/tmm0 lis=
(2) 22:07:04.047481 IP 172.28.19.252.22 > 172.28.20.120.46154: S 1607017789:1607017789(0) ack 2301043390 win 4380 out slot1/tmm0 lis=bar
(3) 22:07:04.050367 IP 172.28.20.120.46154 > 172.28.19.252.22: . ack 1 win 115 in slot1/tmm0 lis=bar
(4) 22:07:04.050407 IP 200.200.200.10.46154 > 200.200.200.101.22: S 3026268657:3026268657(0) win 4380 out slot1/tmm0 lis=bar
(5) 22:07:04.051415 IP 200.200.200.101.22 > 200.200.200.10.46154: S 2681472808:2681472808(0) ack 3026268658 win 5792 in slot1/tmm0 lis=bar
(6) 22:07:04.051427 IP 200.200.200.10.46154 > 200.200.200.101.22: . ack 1 win 4380 out slot1/tmm0 lis=bar
[root@ve10:Active] config b rule myrule list
rule myrule {
when SERVER_CONNECTED {
log local0. "client-side [IP::client_addr]:[TCP::client_port] > [clientside {IP::local_addr}]:[clientside {TCP::local_port}] | server-side [IP::local_addr]:[TCP::local_port] > [IP::remote_addr]:[TCP::remote_port]"
}
}
[root@ve10:Active] config tail /var/log/ltm
Feb 27 22:07:04 local/tmm info tmm[22185]: Rule myrule : client-side 172.28.20.120:46154 > 172.28.19.252:22 | server-side 200.200.200.10:46154 > 200.200.200.101:22