Angelo
May 22, 2013

SMTP

Hi

I found an iRule on DevCentral to insert the client IP address as it passes through the F5, and not the SNAT IP address:

    when SERVER_CONNECTED {
        # Split the client's dotted-quad address into its four octets
        scan [IP::client_addr] {%d.%d.%d.%d} a b c d
        # Carry the four octets to the server as TCP option 29
        TCP::option set 29 [binary format cccc $a $b $c $d] all
    }

But from my Postfix server I can still see the traffic coming from the floating IP address. Is there any way to do this?

2013-05-22T11:48:21.515573+02:00 linux postfix/smtpd[8177]: disconnect from unknown[192.168.20.53]
2013-05-22T11:50:50.280023+02:00 linux postfix/qmgr[8138]: CC9CBAFC27: from=, size=178, nrcpt=1 (queue active)
2013-05-22T11:51:10.355274+02:00 linux postfix/smtp[8215]: CC9CBAFC27: to=, relay=none, delay=622, delays=602/0.01/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=eoh.co.za type=MX: Host not found, try again)

5 Replies

  • Angelo, that rule adds the original IP to a TCP option header. The SNAT address is still used to initiate the connection and will be seen in the logs. You'll need to somehow extract the original client IP from the TCP header and log that instead. I've no idea how.

    I assume you actually need the SNAT to occur, right, but you want to log the original client IP?
  • It should be, but I've no idea how it's done, I'm afraid.

    Is parsing the http://en.wikipedia.org/wiki/X-Originating-IP contents possible as an alternative?
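
The first reply's point about reading the original client IP back out of the TCP header, as an added example that is not part of the original thread: Python that walks the options of a raw TCP header, decodes option 29 as the iRule writes it (four octets), and honours it only when the socket peer is the F5. It assumes the receiver already has the SYN's raw TCP header bytes (capturing them is outside the example) and that 192.168.20.53 from the log above is the F5's address; the function names and the sample header are constructed for illustration.

```python
import socket
import struct

OPT_EOL, OPT_NOP = 0, 1
OPT_CLIENT_IP = 29                    # option kind written by the iRule in the thread
TRUSTED_PEERS = {"192.168.20.53"}     # assumption: the F5 address seen in the Postfix log

def tcp_options(header: bytes):
    """Yield (kind, data) for every option in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    hdr_len = (header[12] >> 4) * 4   # data offset is counted in 32-bit words
    if hdr_len < 20 or hdr_len > len(header):
        raise ValueError("bad data offset")
    opts, i = header[20:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:
            return
        if kind == OPT_NOP:           # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option without a length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        yield kind, opts[i + 2:i + length]
        i += length

def original_client_ip(header: bytes, peer_ip: str):
    """Client IP from option 29, honoured only when the peer is the F5."""
    if peer_ip not in TRUSTED_PEERS:
        return peer_ip                # direct connection: the option value is untrusted
    for kind, data in tcp_options(header):
        if kind == OPT_CLIENT_IP and len(data) == 4:
            return socket.inet_ntoa(data)
    return peer_ip                    # no option present: fall back to the socket peer

def sample_syn(client_ip=None):
    """Constructed SYN header: MSS option, plus option 29 when client_ip is given."""
    opts = struct.pack("!BBH", 2, 4, 1460)
    if client_ip:
        opts += bytes([OPT_CLIENT_IP, 6]) + socket.inet_aton(client_ip)
    opts += bytes([OPT_NOP]) * (-len(opts) % 4)   # pad to a 32-bit boundary
    words = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 25, 1, 0, words << 4, 0x02, 65535, 0, 0) + opts

if __name__ == "__main__":
    print(original_client_ip(sample_syn("203.0.113.77"), "192.168.20.53"))
```

The peer check matters because any host that can reach the mail server directly can set option 29 to whatever it likes, so the value is only as trustworthy as the device that wrote it.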