Chris_18457
Aug 08, 2012

Outbound iRule, BigIP default GW

First post and still pretty new to iRules, but I've found lots of good information here that has helped me get our LTM up and running so far. I've done a number of searches, but haven't found the situation I'm in. Here goes...

I'm working on an iRule to take unencrypted SMTP traffic, pass it through the LTM, have the LTM establish the TLS tunnel (offload SSL to the LTM) on its way to the Internet destination. I've built an iRule based off of https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/2161044/showtab/groupforums/Default.aspx.

In my setup, the LTM is the default gateway for the SMTP server to transmit to the Internet. I've created a SNAT to translate RFC1918 IPs to public Internet addresses, and that works great. My question is, how can I apply an iRule without creating a virtual server? And if I create a virtual server, does this mean the default gateway for this server has to change?

Let me know if I am taking the right approach.

Chris

4 Replies

  • Richard__Harlan
    Historic F5 Account
    In your case you create a Virtual that listens on 0.0.0.0:25 and attach the iRule to this virtual. This will pick up all port 25 traffic that does not have a more specific virtual created.
  • Yep, as Richard says, you need a virtual server to attach an iRule to as a bare SNAT doesn't support this. A VS provides more functionality and control though, so this is generally a better idea anyhow.

    The routing will work the same as with a SNAT. If the traffic was making it to LTM with the SNAT, it will still work with the virtual server.

    Aaron
  • Thanks for the input. While I was setting this up, I noticed that the virtual is shown as a blue square (unknown, enabled, but no member nodes available). Since we are not load balancing against anything, would this cause a problem?

    Not seeing the iRule kick off yet, but I am doing some debugging as I type. More to come.
  • Got it working! Set the Virtual server as a network instead of a host, and traffic began flowing. Thanks again for the help!