Forum Discussion
John_McInnes_44
Oct 05, 2006 Nimbostratus
I found this post again through a search and thought that I would try it out.
Unfortunately citizen_elah's idea doesn't really work 100%.
Indeed the LTM will let you build the config, and you get forwarding and port inspection in iRules.
Unfortunately you also get a situation where any connection through the wildcard virtual server is immediately accepted (e.g., telnet outward to any IP on any port), then reset if the remote host doesn't have that port open, or the TCP session will continue if the remote host has the port open.
So it seems that the LTM will:
- Accept the wildcard connection from the client (internal side)
- Attempt to build the connection to the remote host (external side)
then
- Reset the connection if the port isn't open on the remote host
OR
- Proceed normally if the port is open on the remote host
In summary, it works but it's not very elegant.
What we need is for F5 to fix the forwarding virtual server so that we can do proper TCP or UDP port inspection.
- John