Forum Discussion

LillyM_9417's avatar
LillyM_9417
Icon for Altostratus rankAltostratus
Apr 27, 2011

avoid changing source port of the connection while using SNAT

Hello,

 

 

We are using SNAT in the irule. Lets assume client's Ip address 192.1.1.1 and port 9999, after the SNAT operations

 

we manage to change the clients IP address to spesific ip address format which is Okay and works fine. But although we do not do any change in the SNAT statement in the irule about the source port ( client's port), its also changed randomly. Is there any way to preserve source port same? We do not want to change the source port we want it to remain same.

 

 

Any help will be greatful.

 

 

Thanks a lot in advance.

 

 

Lilly
config
design

2 Replies

Sort By
  • George_Watkins_'s avatar
    George_Watkins_
    Historic F5 Account
    Apr 27, 2011
    Hi LillyM,

     

     

    If you are using version 10.x, there is a setting under the virtual server labeled "Source Port." If you set it to "preserve," the client's original source port should be retained. If the source port is already in use by another connection, TMM will select another source port at random. There is also an option called "preserve strict," which you may or may not want to use depending on your situation. In "preserve strict" mode, if the port is already in use, TMM will use the port anyway making the original source of the traffic indistinguishable to the origin server. There are a few cases where this may work, but we don't recommend it unless you have a specific use case for it.

     

     

    Hope this helps,

     

     

    -George
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 02, 2011
    Some replies here too:

     

     

    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/52/aft/1178740/showtab/groupforums/Default.aspx

     

     

    Aaron