Arron_1084
Apr 17, 2008

show source IP behind LTM

I have several servers sitting behind clustered LTMs with half of them behind a firewall in bridge mode. On that firewall, I want to enable ACLs to allow ports/IPs access to systems behind it, but the problem I'm running into is that the source IP is always showing as the inside floater IP of the LTM (IP forwarding virtual server setup). I saw there was a QB article to fix this for HTTP requests, but I need it for other ports. All of my inside systems have the LTM's floater IP as their default gateway.

Is there any way to see the true source IP?

4 Replies

  • I don't see any other way around this unless you could create individual SNAT/NAT addresses and associate them with each server so that it doesn't use the inside float address.

    Hope that helps.

    /CB

  • You can insert a custom HTTP header with the original client IP address because the HTTP protocol supports custom headers. Whether you can do this on other ports depends on the protocol. I imagine you could do this in SMTP, SIP and a few other protocols. cmbhatt's suggestion should be a good workaround if the protocol you need the client IP for doesn't support custom headers.

    Aaron
  • If all the inside servers have LTM as the default gateway you shouldn't need SNAT/NAT at all. LTM preserves source IP by default.

    Denny
  • All of the inside servers have the floating inside IP as the default gateway, but the source IP always shows as this same IP (inside floating IP).