Guys, I must still be missing something, and my bad for not providing more details. I have a VIP set up for TCP 135 and I want the portmapper traffic to be allowed through, lest I create 65k VIPs. I applied what you mentioned, Hoolio, but I still can't get the portmapper ports (<1023) to pass through the LTM. Here is more detailed information:
[root@xxxxxxx:Active] / b virtual Exch_135_vs
VIRTUAL 10.10.1.100 UNIT 1
| ARP: enabled
| (cur, max, limit, tot) = (0, 81, 0, 2345)
| (pkts,bits) in = (40493, 62.77M), out = (41673, 259.2M)
+-> SERVER Exch_135_vs SERVICE 135
| PVA acceleration none
| (cur, max, limit, tot) = (0, 42, 0, 859)
| (pkts,bits) in = (3675, 3.378M), out = (3245, 3.682M)
| requests (total) = 649
+-> RULE Exch_rpc_test
| +-> CLIENT_ACCEPTED 1 total 0 fail 0 abort
+-> POOL Exch_135_pl LB METHOD round robin MIN/CUR ACTIVE MEMBERS: 0/2
| conns (cur, max, limit, tot) = (0, 7, 0, 110)
| (pkts,bits) in = (2021, 2.112M), out = (1802, 2.995M)
+-> POOL MEMBER Exch_135_pl/10.10.10.8:135 ACTIVE,UP SESSIONS ENABLED
| | priority 1 ratio 1 dynamic ratio 1
| | conns (cur, max, limit, tot) = (0, 4, 0, 30)
| | (pkts,bits) in = (1241, 1.433M), out = (1160, 2.186M)
| | requests (total) = 30
+-> POOL MEMBER Exch_135_pl/10.10.10.45:135 ACTIVE,UP SESSIONS ENABLED
| priority 1 ratio 1 dynamic ratio 1
| conns (cur, max, limit, tot) = (0, 3, 0, 80)
| (pkts,bits) in = (780, 678680), out = (642, 809248)
| requests (total) = 80
[root@xxxxxxx:Active] /
[root@xxxxxxx:Active] / b virtual Exch_135_vs list
virtual Exch_135_vs {
destination 10.10.1.100:135
snatpool Exch_135_sn_pl
ip protocol tcp
persist source_addr
pool Exch_135_pl
rule Exch_rpc_test
}
[root@xxxxxxx:Active] /
[root@xxxxxxx:Active] /
[root@xxxxxxx:Active] / b pool Exch_135_pl
POOL Exch_135_pl LB METHOD round robin MIN/CUR ACTIVE MEMBERS: 0/2
| conns (cur, max, limit, tot) = (0, 7, 0, 110)
| (pkts,bits) in = (2021, 2.112M), out = (1802, 2.995M)
+-> POOL MEMBER Exch_135_pl/10.10.10.8:135 ACTIVE,UP SESSIONS ENABLED
| | priority 1 ratio 1 dynamic ratio 1
| | conns (cur, max, limit, tot) = (0, 4, 0, 30)
| | (pkts,bits) in = (1241, 1.433M), out = (1160, 2.186M)
| | requests (total) = 30
+-> POOL MEMBER Exch_135_pl/10.10.10.45:135 ACTIVE,UP SESSIONS ENABLED
| priority 1 ratio 1 dynamic ratio 1
| conns (cur, max, limit, tot) = (0, 3, 0, 80)
| (pkts,bits) in = (780, 678680), out = (642, 809248)
| requests (total) = 80
[root@xxxxxxx:Active] / b pool Exch_135_pl list
pool Exch_135_pl {
monitor all tcp
member 10.10.10.8:135
member 10.10.10.45:135
}
[root@xxxxxxx:Active] /
[root@xxxxxxx:Active] / b snatpool Exch_135_sn_pl list
snatpool Exch_135_sn_pl {
member 10.1.1.55
}
[root@xxxxxxx:Active] /
Is this LTM aware of what the portmapped port is, and does it then only allow the mapped port back through (in which case my testing is the problem, not the iRule)? Any ideas?