Forum Discussion

Mike_61640
Feb 10, 2012

Port redirect on return traffic

I have a situation where the client network will only allow UDP port 9010 through the firewall.

The scenario is a device connects to a VIP on the F5 using UDP 9010 and needs to have the response directed back to them on port UDP 9010. Since the F5 will try and send it back based on the client's source port (random ephemeral port), I need to find a way to change that port to 9010. Since this is UDP and therefore connectionless, as long as the response is going to the correct IP, I don't need to maintain any kind of state.

I posted this in the iRules forum as well, but thought this may be a design question.

Not sure if an iRule or possibly using an L4 forwarding scenario for outbound traffic would work, but I haven't been able to find a good solution.

Any help is appreciated.

Thanks,

Mike

 

1 Reply

  • Not sure if it works.

    Maybe we create two virtual servers. One is to handle incoming UDP 9010 and the other one is to take care of return UDP traffic. Both virtual servers are set to immediate timeout.

    Additionally, we have to maintain some connection information manually, so BIG-IP will be able to direct the return traffic to the correct client. This could be done using the table command.

    Just my 2 cents.
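The state the reply describes can be modelled outside the BIG-IP to see what the table has to hold. This is an added example in Python, not an iRule and not code from either poster or from F5. It assumes the relay forwards each client to the server from its own relay source port, so the server's reply port identifies the client; `ReturnPortRelay`, `ENTRY_TTL` and the port numbering are hypothetical names and values.

```python
import time

CLIENT_PORT = 9010  # the only UDP port the client firewall allows (from the post)
ENTRY_TTL = 30.0    # assumed lifetime of a table entry, in seconds


class ReturnPortRelay:
    """Model of the manual state: relay source port -> client IP, with expiry."""

    def __init__(self, first_relay_port=20000, clock=time.monotonic):
        self._next_port = first_relay_port  # model only: no wrap-around handling
        self._clock = clock
        self._by_port = {}    # relay_port -> (client_ip, expires_at)
        self._by_client = {}  # client_ip -> relay_port

    def inbound(self, client_ip, client_src_port, payload):
        """Client -> VIP:9010. Returns (relay_src_port, payload) for the server."""
        # client_src_port is the ephemeral port; it is deliberately not stored,
        # because the reply must go to CLIENT_PORT instead.
        now = self._clock()
        port = self._by_client.get(client_ip)
        entry = self._by_port.get(port)
        if entry is None or entry[1] <= now:
            # No live entry for this client: allocate a fresh relay port.
            self._by_port.pop(port, None)
            port = self._next_port
            self._next_port += 1
            self._by_client[client_ip] = port
        # Create or refresh the entry so an active client keeps its mapping.
        self._by_port[port] = (client_ip, now + ENTRY_TTL)
        return port, payload

    def outbound(self, relay_dst_port, payload):
        """Server -> relay port. Returns (client_ip, 9010, payload) or None."""
        entry = self._by_port.get(relay_dst_port)
        if entry is None or entry[1] <= self._clock():
            # Unknown or expired mapping: drop rather than guess a destination.
            self._by_port.pop(relay_dst_port, None)
            return None
        return entry[0], CLIENT_PORT, payload
```

Because the key is derived from a UDP source address, the entry lifetime bounds how long a spoofed datagram can steer return traffic toward another host's port 9010.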