Forum Discussion

Shujaswati's avatar
Shujaswati
Icon for Altostratus rankAltostratus
Aug 06, 2019
Solved

Reverse Proxy via iRules

I am kinda new to F5 iRules and being scratching my head for last week. There's a Virtual Server with https service port that will handle traffic from Internal (VIP is nated on Firewall).

 

The above part was easy and done but here's the issue. I want to load balance the traffic on nodes but with port 4443 instead of 443 and communicate back externally on 443.

 

I wrote the below rules but all in vain.

 

Rule : 1

when HTTP_REQUEST {

  HTTP::redirect "https://[getfield [HTTP::host] ":" 1]:4443[HTTP::uri]"

  }

 

Rule : 2

when HTTP_REQUEST {

 

HTTP::redirect "https://172.25.66.103:4443"

}

 

What I saw that the F5 is communicating externally with 4443 instead. Any help will be highly appreciated.

Thanks

 

application delivery
iRules
LTM
  • Dan_Bowman's avatar
    Dan_Bowman
    Aug 06, 2019

    Yes - when you create your VIP set service port to 443 as I think you have already, but when you create your pool just set the service port of the member/s to 4443 and it should all just work 👍

5 Replies

Sort By
  • Dan_Bowman's avatar
    Dan_Bowman
    Icon for Cirrus rankCirrus
    Aug 06, 2019

    Hi Shujaswati,

     

    Not sure if I'm misunderstanding your requirement, but it looks to me like you can do what you're looking for without any iRules?

     

    Client talks to VIP over normal HTTPS port 443 > Nodes are listening on 4443?

     

    In which case set the service port on the VIP as 443, and the service port on your pool as 4443 - leave port translation enabled on the VIP (default setting) and the F5 will handle the rest seamlessly.

     

    Apologies if I've not interpreted your request correctly 😊

     

    Thanks,

     

    Dan

  • Shujaswati's avatar
    Shujaswati
    Icon for Altostratus rankAltostratus
    Aug 06, 2019

    So the node are supposed to be with port 4443 while the VIP should be created with 443? Is that what you are trying to say?

    • Dan_Bowman's avatar
      Dan_Bowman
      Icon for Cirrus rankCirrus
      Aug 06, 2019

      Yes - when you create your VIP set service port to 443 as I think you have already, but when you create your pool just set the service port of the member/s to 4443 and it should all just work 👍