Wishing to use F5 LTM as HTTP NAT

Question

I have a requirement to bypass normal security measures for servers seeking license and/or updates.
Below is the simplified version of network.
As per security requirements, Router R1 will only forward traffic to destinations matching predefined F5's Virtual Server address space - all other traffic will be dropped.
My idea is to ask Server owners to insert a cookie into HTTP Request specifying real destination IP but send traffic to VS on Border F5. Ideally, Border F5 VS's iRule would then retrieve that cookie, overwriting HTTP/1.1's HOST header and forward packets to that real destination.
My issue is - as far as I know, VS's iRule can only select from existing pools composed of static members which I can't possibly know before the HTTP Requests arrives - I can't create a pool dynamically (although, I am nor sure how LB::select actually works).
Any ideas?

mituser_21710 · Answer

Why dont you add the forwarding virtual server rather than a load balancing virtual server and match the irule. Forwarding virtual server will forward the packet based on the routing table and will send to the default gw.

epaalx · Answer

Thanks... The issue is with the Router R1 - as I wrote, it will only forward traffic to destinations matching predefined (Border) F5's Virtual Server address space - all other traffic will be dropped.

nitass · Answer

My issue is - as far as I know, VS's iRule can only select from existing pools composed of static members which I can't possibly know before the HTTP Requests arrives - I can't create a pool dynamically (although, I am nor sure how LB::select actually works). 
&nbsp; u may use RESOLV::lookup to do name resolution on-the-fly and use node command to send traffic to the destination. 
&nbsp; RESOLV::lookup 
&nbsp; http://devcentral.f5.com/wiki/iRules.resolv__lookup.ashx 
&nbsp;  
&nbsp; cheer!

epaalx · Answer

&gt; use node command 
&nbsp; That's what I was looking for... Thanks!

Forum Discussion

Wishing to use F5 LTM as HTTP NAT

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

End of Year 2022 security challenges and new year wishes

Backseat Drivers, Your Wish Has Come True

iRule to take cookie from HTTP Response into HTTP Request via table

What is HTTP Part X - HTTP/2

Http server node receives partial http request big-ip load balancer