Forum Discussion

Tim_F_122241's avatar
Tim_F_122241
Icon for Nimbostratus rankNimbostratus
Mar 05, 2013

IP/Port Forwarding on LTM 11.3

Hi,

 

 

I've been thrown into the deep end of F5s and searched high and low for answers to no avail. Basically, I want to port forward from an origin IP/Port to a pool of Exchange CAS servers. Things I've done so far:

 

 

* Created a SNAT pool with the IPs of the two CAS boxes listening on port 25, created a VIP to listen on port 2525.

 

 

The network traffic flow is as follows:

 

203.x.x.x:25 --> FW NAT --> SMTP gateway 10.1.2.x:2525 --> Exchange CAS VIP 10.1.2.x:25

 

I've also got LAN traffic pointing to 10.1.2.x for Exchange CAS traffic from Outlook clients internally (RPC) but I guess this is irrelevant for my solution as they are on different VIPs.

 

I can get the LTM to listen on port 2525 and I can telnet to it from the SMTP gateway but it won't forward to the CAS pool.

 

 

Maybe an iRule or template?

 

 

Thanks for any help in advance.

 

basic
getting started
new to f5

6 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 05, 2013
    I can get the LTM to listen on port 2525 and I can telnet to it from the SMTP gateway but it won't forward to the CAS pool. have you tried snat automap under the exchange CAS virtual server setting?

     

     

    can you post the CAS virtual server configuration?

     

    tmsh list ltm virtual (name)

     

    tmsh list ltm pool (name)
  • Tim_F_122241's avatar
    Tim_F_122241
    Icon for Nimbostratus rankNimbostratus
    Mar 05, 2013

    have you tried snat automap under the exchange CAS virtual server setting? No. Where do I find that?

     

     

    tmsh list ltm virtual:

     

     

    ltm virtual mla-exchange_MM_Receive {

     

    destination 10.1.2.x:smtp

     

    ip-forward

     

    ip-protocol tcp

     

    mask 255.255.255.255

     

    profiles {

     

    fastL4 { }

     

    }

     

    source 0.0.0.0/0

     

    source-port change

     

    translate-address disabled

     

    translate-port disabled

     

    vlans-disabled

     

    }

     

     

    tmsh list ltm pool

     

    ltm pool Pool_Forward_2525_to_25_Exchang {

     

    load-balancing-mode least-connections-member

     

    members {

     

    10.1.2.x:smtp {

     

    address 10.1.2.x

     

    }

     

    10.1.2.x:smtp {

     

    address 10.1.2.x

     

    }

     

    }

     

    }

     

     

     

     

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 05, 2013
    can you change virtual server type from forwarding (ip) to either standard or performance (layer 4)?

     

     

    snat setting is named "source address translation" under virtual server configuration. set it to "auto map".
  • Tim_F_122241's avatar
    Tim_F_122241
    Icon for Nimbostratus rankNimbostratus
    Mar 05, 2013
    OK, tried both of those and now I can't telnet on port 2525.

     

    Service state : Unknown (Enabled) - The children pool member(s) either don't have service checking enabled, or service check results are not available yet
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 05, 2013
    ltm virtual mla-exchange_MM_Receive {

     

    destination 10.1.2.x:smtpvirtual server port should be 2525 (rather than 25), shouldn't it?

     

     

    Service state : Unknown (Enabled) - The children pool member(s) either don't have service checking enabled, or service check results are not available yetthat is fine. bigip just sends traffic to pool right away (without checking).
  • Tim_F_122241's avatar
    Tim_F_122241
    Icon for Nimbostratus rankNimbostratus
    Mar 05, 2013

    OK, think I got it.

     

     

    I changed the resources on the Virtual Server as per the attached.

     

     

    I can telnet to the VIP on 2525 and it is forwarding to port 25 where I can helo to our CAS boxes.