SNAT - originating client IP

Question

In a  SNAT Pool setup, if you want to find out the client IP connecting to a  VIP, is the only way to run tcpdump?&nbsp;
If yes, then the tcpsump should be run against all snat pool IPs?&nbsp;
 &nbsp;
Thanks&nbsp;

hooleylist · Answer

Hi Samurai, 
&nbsp;  
&nbsp; If you're using the SNAT pool on a virtual server, you could use an iRule to log the source IP address TMM uses: 
&nbsp;  
&nbsp; when SERVER_CONNECTED {  
&nbsp; log local0. "Complete connection: Client: [IP::client_addr]:[TCP::client_port]&lt;-&gt; Virtual: [clientside {[IP::local_addr]:[TCP::local_port]}] LTM source [IP::local_addr]:[TCP::local_port] &lt;-&gt; Server: [IP::server_addr]:[TCP::server_port]"  
&nbsp; }  
&nbsp;  
&nbsp; If you have a lot of connections going through the virtual server, it would be a lot more efficient to use High Speed Logging to send the logs to a remote log server: 
&nbsp; https://devcentral.f5.com/wiki/iRules.hsl.ashx 
&nbsp;  
&nbsp; Aaron

samurai · Answer

Aaron, Thank you!&nbsp;

Forum Discussion

SNAT - originating client IP

2 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

F5 Distributed Cloud Origin Server Subset Rules

SNAT IP address logging

Enhance your Application Security using Client-side signals

SNAT pool persistence

iRule based RADIUS Client Stack