Forum Discussion

GOB_33456
Feb 21, 2012

Newbie to an old box

Hi

I have just dusted off a couple of Big-IP 2400 boxes as I need to do some reverse proxying of HTTP traffic, i.e. I have one public IP serving lots of internal dev web servers. So the plan is to use a pool for each individual web server and, using rules, route incoming traffic based on the hostname in the URL to a specific pool.

Before I got too adventurous I managed to crack the root password and reconfigure the networking etc. so I was starting with a clean slate.

I have 1 port/VLAN designated as External and the remainder as Internal VLAN.

The external port is plugged directly into our public internet feed and has a public IP assigned. I have created a couple of virtual servers on a second public IP:

66.66.66.66:80
66.66.66.66:8080

I have a switch hooked into the Internal VLAN with two web servers on

192.168.5.181:80
192.168.5.182:80

Both servers are members of one Pool which is assigned to both virtual servers. I haven't bothered with the URL rules yet. Monitoring on both servers is up for ping and http.

If I open the public IP in a browser either on port 80 or 8080 I get nothing.

If I telnet on port 80 the connection fails instantly but if I telnet on port 8080 it tries for 30 seconds then fails.

Virtual server stats show connection attempts on port 8080 but not on port 80.

Pool Stats show packets 'In' to each node but nothing out.

So it appears I have two issues -

Port 8080 is getting through to the pool but port 80 isn't.

Nothing is coming back from the web servers.

Do the web servers need their gateway set to the Big-IP box?

Running version 4.5 on BSD

Any suggestions gratefully received.

3 Replies

  • The web servers should have a default route to your BIG-IP or static routes configured for your external destinations. The alternative is to use SNAT automap, but it's been so long I don't remember if that was a feature on 4.5.
  • Hamish
    Yeah. I think SNAT was a feature on 4.5. Like you say, a long time ago though. I think you have a SNAT pool to use though. No autosnat IIRC...
  • I think SNAT and SNAT automap existed even before 4.2:

    http://support.f5.com/kb/en-us/archived_products/big-ip/releasenotes/product/relnotes4_2.htmlnew10

    Enhanced support for Secure Network Address Translations (SNATs)

    In previous releases, BIG-IP allowed you to automatically map VLANs to translation IP addresses during SNAT creation. In this release, you can now use this automapping feature not only for VLANs, but for one or more individual IP addresses. For more information, see the BIG-IP Reference Guide, Address Translation: NATs, SNATs, and IP Forwarding.

    If you get stuck configuring this, you should open a case with F5 Support and ask for Paul Pfarr :)

    Aaron