Elissa_Porter
Jun 16, 2006
Nimbostratus
Forwarding Virtual Server, Fast L4, and TCP?
We have BIPs in front of our LDAP environment. We have a requirement to only allow connections to LDAP (port 389) through our configured virtual servers, with the exception of a list of nodes that are allowed to contact LDAP on the pool members directly. I created a data group list (class) with the exception nodes in it, and have written the following iRule to accomplish this:
    when CLIENT_ACCEPTED {
        # $::ldap is the data group (class) holding the exception nodes
        if { not [matchclass [IP::client_addr] equals $::ldap] } {
            if { [TCP::server_port] equals 389 } {
                drop
            } else {
                forward
            }
        }
    }
The syntax of the rule is ok, but the problem arises when I apply it to my Forwarding (IP) virtual server. The TCP::server_port part requires that I have a TCP profile on my forwarding virtual server, but that's not possible since it has a Fast L4 profile. Anybody know of a way I can write an iRule that will make my forwarding virtual server recognize the server_port?
Thanks.
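Added example, not part of the original post: one way to express the same policy without TCP::server_port is to test the client-side destination port with TCP::local_port. It assumes that TCP::local_port passes validation on a virtual server with a Fast L4 profile and reuses the poster's data group name; the log line is an illustrative addition.

```tcl
# Added example: same policy as the posted rule, keyed on the client-side
# destination port. Assumption: TCP::local_port is accepted under Fast L4.
when CLIENT_ACCEPTED {
    # In the client-side context of a forwarding virtual server, the local
    # port is the destination port the client addressed (389 for LDAP).
    if { [TCP::local_port] == 389 } {
        # $::ldap is the poster's data group of nodes allowed direct access
        if { not [matchclass [IP::client_addr] equals $::ldap] } {
            # Illustrative audit line so blocked direct-LDAP attempts are visible
            log local0. "direct LDAP denied: [IP::client_addr] -> [IP::local_addr]:389"
            drop
            return
        }
    }
    # Exception nodes on 389, and all non-LDAP traffic, are forwarded as before
    forward
}
```

Checking the port first keeps the data group lookup off the path for non-LDAP traffic, and the drop stays silent to the client while still leaving a record in the local log.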