virtual command not working
Hello,
I hope you can help me (I'm sorry if my question is too simple, I am a beginner in the F5 world):
I am trying to make the solution offered by Colin in this topic work:
I've followed the steps, but for the moment it doesn't work and now I'm completely stuck.
The thing is, it seems like the 'virtual' command in the first iRule is not calling the second iRule. I inserted some log commands in the iRules, and the process stops in the first iRule and never reaches the second one. I can also see that the statistics for the second Virtual Server are totally zeroed.
This is the first VS (VS-PRE-FTPS_1):
ltm virtual VS-PRE-FTPS_1 {
    destination X.X.X.X:ftp
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        source_addr_FTPS {
            default yes
        }
    }
    profiles {
        Profile-WildcardPCS-2014-2016-SHA1 {
            context clientside
        }
        ftp { }
        tcp { }
    }
    rules {
        irule_FTPS_1
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 81
}
This is the first VS iRule (irule_FTPS_1):
when CLIENT_ACCEPTED {
    log local0. "client accepted"
    SSL::disable
    TCP::respond "220 My ftp server\r\n"
    TCP::collect
}
when CLIENT_DATA {
    log local0. "client data"
    TCP::respond "234 AUTH TLS Successful\r\n"
    TCP::payload replace 0 [TCP::payload length] ""
    virtual VS-PRE-FTPS_2
    SSL::enable
    TCP::release
    log local0. "TCP Release Completed"
}
This is the second VS (VS-PRE-FTPS_2):
ltm virtual VS-PRE-FTPS_2 {
    destination any:any
    internal
    ip-protocol tcp
    mask any
    persist {
        source_addr_FTPS {
            default yes
        }
    }
    pool pool-preweb-ftp
    profiles {
        tcp { }
    }
    rules {
        irule_FTPS_2
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans-enabled
    vs-index 82
}
This is the second VS iRule (irule_FTPS_2):
when CLIENT_ACCEPTED {
    TCP::collect
    log local0. "client accepted"
}
when CLIENT_DATA {
    if { [TCP::payload] contains "PBSZ" } {
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::respond "200 PBSZ 0 successful\r\n"
        log local0. "client data1"
    } elseif { [TCP::payload] contains "PROT P" } {
        TCP::respond "200 Protection set to Private\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        log local0. "client data2"
    } elseif { [TCP::payload] contains "FEAT" } {
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::respond "211-Features: MDTM REST STREAM SIZE AUTH TLS PBSZ PROT\r\n211 End\r\n"
        log local0. "client data3"
    }
    TCP::release
    TCP::collect
}
when SERVER_CONNECTED {
    TCP::collect
    log local0. "server connected"
}
when SERVER_DATA {
    if { [TCP::payload] contains "220 " } {
        TCP::payload replace 0 [TCP::payload length] ""
        log local0. "server data1"
    } elseif { [TCP::payload] contains "Entering Passive Mode" } {
        # You need to modify this section if your servers are not
        # configured to hand out the VIP address for Passive transfers.
        log local0. "server data2. sustituyendo IP respuesta"
        regsub {Z,Z,Z,Z} [TCP::payload] "X,X,X,X" tmpstr
        TCP::payload replace 0 [TCP::payload length] $tmpstr
    }
    TCP::release
    TCP::collect
}
And this is the log I get on the F5:
May 18 16:41:50 balanceador2 info tmm1[9754]: Rule /Common/irule_FTPS_1 : client accepted
May 18 16:41:50 balanceador2 info tmm1[9754]: Rule /Common/irule_FTPS_1 : client data
May 18 16:41:50 balanceador2 info tmm1[9754]: Rule /Common/irule_FTPS_1 : TCP Release Completed
May 18 16:41:55 balanceador2 info tmm[9754]: Rule /Common/irule_FTPS_1 : client accepted
May 18 16:41:55 balanceador2 info tmm[9754]: Rule /Common/irule_FTPS_1 : client data
May 18 16:41:55 balanceador2 info tmm[9754]: Rule /Common/irule_FTPS_1 : TCP Release Completed
And in the FTP client (FileZilla in this case, but I tried with WinSCP too):
Status: Connecting to X.X.X.X:21...
Status: Connection established, waiting for welcome message...
Response: 220 My ftp server
Command: AUTH TLS
Response: 234 AUTH TLS Successful
Status: Initializing TLS...
Error: GnuTLS error -58: An illegal TLS extension was received.
Error: Could not connect to server
Status: Waiting to retry...
Status: Delaying connection for 1 second due to previously failed connection attempt...
Status: Connecting to X.X.X.X:21...
Status: Connection established, waiting for welcome message...
Response: 220 My ftp server
Command: AUTH TLS
Response: 234 AUTH TLS Successful
Status: Initializing TLS...
Error: GnuTLS error -58: An illegal TLS extension was received.
Error: Could not connect to server
Could someone give me a clue about what I am doing wrong?
Thanks in advance
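The following Python model is an added example and is not part of the post, nor F5 code: it reproduces only the command/response decisions of irule_FTPS_1 and irule_FTPS_2 above (banner, AUTH TLS, PBSZ/PROT P/FEAT answered locally, the real server's 220 suppressed, and the 227 passive-mode address rewrite) so the control-channel exchange can be traced offline. It does not emulate the BIG-IP 'virtual' hand-off or SSL::enable. The addresses 192.0.2.10 (for X.X.X.X) and 198.51.100.20 (for Z.Z.Z.Z) are assumed placeholders, and the scripted session and server replies are constructed.

```python
import re

VIP_ADDR = "192.0.2.10"        # assumed placeholder for X.X.X.X (the virtual server address)
SERVER_ADDR = "198.51.100.20"  # assumed placeholder for Z.Z.Z.Z (the pool member address)

FEAT_REPLY = "211-Features: MDTM REST STREAM SIZE AUTH TLS PBSZ PROT\r\n211 End\r\n"


def pasv_tuple(addr):
    """A 227 reply carries the address as h1,h2,h3,h4 (RFC 959), not dotted-quad."""
    return addr.replace(".", ",")


class FtpsFrontEnd:
    """Cleartext pre-TLS phase, mirroring irule_FTPS_1 on VS-PRE-FTPS_1."""

    def __init__(self):
        self.tls_negotiated = False

    def on_client_accepted(self):
        # CLIENT_ACCEPTED: the BIG-IP sends the banner itself; no pool member is involved yet.
        return "220 My ftp server\r\n"

    def on_client_data(self, payload):
        # CLIENT_DATA: the iRule answers 234 to whatever the first command is
        # (it never checks that it actually was AUTH TLS), drops the payload,
        # then hands the flow to VS-PRE-FTPS_2 with SSL enabled.
        self.tls_negotiated = True
        return "234 AUTH TLS Successful\r\n"


class FtpsBackEnd:
    """Post-TLS phase, mirroring irule_FTPS_2 on VS-PRE-FTPS_2."""

    def __init__(self, vip=VIP_ADDR, server=SERVER_ADDR):
        self.vip = vip
        self.server = server

    def on_client_data(self, payload):
        """Return (response sent to the client, payload released to the server)."""
        if "PBSZ" in payload:
            return "200 PBSZ 0 successful\r\n", ""
        if "PROT P" in payload:
            return "200 Protection set to Private\r\n", ""
        if "FEAT" in payload:
            return FEAT_REPLY, ""
        # Every other command is released to the pool member unchanged.
        return "", payload

    def on_server_data(self, payload):
        """Return the payload released to the client."""
        if "220 " in payload:
            # The client already saw the BIG-IP banner; the real one is dropped.
            return ""
        if "Entering Passive Mode" in payload:
            # Same effect as: regsub {Z,Z,Z,Z} [TCP::payload] "X,X,X,X" tmpstr
            # Only a literal match on the pool member's address is rewritten;
            # any other address in the reply passes through untouched.
            return re.sub(re.escape(pasv_tuple(self.server)),
                          pasv_tuple(self.vip), payload, count=1)
        return payload


def trace_session(client_commands, server_replies):
    """Run a scripted session through both stages; return what the client receives."""
    front, back = FtpsFrontEnd(), FtpsBackEnd()
    replies = iter(server_replies)
    seen = [front.on_client_accepted()]
    seen.append(front.on_client_data(client_commands[0]))  # the AUTH TLS step
    for cmd in client_commands[1:]:
        resp, forwarded = back.on_client_data(cmd)
        if resp:
            seen.append(resp)
        if forwarded:
            # A forwarded command is answered by the real server.
            seen.append(back.on_server_data(next(replies)))
    return seen


if __name__ == "__main__":
    # Constructed session: commands as FileZilla would send them, plus constructed server replies.
    commands = ["AUTH TLS\r\n", "PBSZ 0\r\n", "PROT P\r\n", "USER bob\r\n", "PASV\r\n"]
    replies = ["331 Please specify the password.\r\n",
               "227 Entering Passive Mode (198,51,100,20,195,80)\r\n"]
    for line in trace_session(commands, replies):
        print(repr(line))
```

Running the script prints the six lines the client would see; the last one is the 227 reply with the pool member's address replaced by the VIP, which is the behaviour the comment in the SERVER_DATA branch warns you must adapt if your servers do not hand out a single known address.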