[f-nsp] Foundry ServerIron - source-nat
Raja Subramanian
rajasuperman at gmail.com
Thu Nov 1 15:14:01 EDT 2007
On 11/1/07, Gaurav Sabharwal <gaurav at inwire.net> wrote:
> We have a ServerIron XL Load Balancer on which we do SLB for mysql and
> http. We have source-nat enabled. In order to get the client IP address
> in the log file for statistics, etc. I wanted to disable the source-nat
> for one particular VIP comprising two real servers.
>
> After disabling the source-nat from the real servers, the traffic to the
> real server stops. Below is the relevant configuration.
Return traffic from your server needs to flow back through the SI.
source-nat ensures that this happens. If you disable source-nat, you
need to:
1. set the SI as your real server's gateway, or
2. put the SI physically inline between the real server and its gateway,
e.g. connect the real server directly to the SI port
A couple of things to test:
Run tcpdump/ethereal on your real server and check if TCP SYN packets
reach your real server. Also check where the return traffic from your
server is headed; it should not bypass your SI.
> #sh ver
> SW: Version 07.3.05T12 Copyright (c) 1996-2002 Foundry Networks, Inc.
> Compiled on Jul 18 2002 at 17:20:18 labeled as SLB07305
Your firmware is very old, consider upgrading to 9.x. Or 10.x if you're
feeling brave.
- Raja
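
The two checks suggested in the reply above can be run over a `tcpdump -e -n` capture taken on the real server. This is an added example, not part of the original post: the function name, MAC addresses, IP addresses and capture lines are all constructed, and it assumes option 1 (the SI is the real server's gateway on the same segment), so a SYN-ACK addressed to any MAC other than the SI's is leaving by another route.

```python
import re

# One Ethernet/IPv4/TCP line as printed by `tcpdump -e -n`.
LINE = re.compile(
    r"(?P<smac>[0-9a-fA-F:]{17}) > (?P<dmac>[0-9a-fA-F:]{17}), ethertype IPv4.*?: "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+: "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

def check_return_path(lines, server_ip, si_mac):
    """Classify a capture taken on the real server (hypothetical helper)."""
    syn_in, synack_out, bypass_macs = 0, 0, set()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        if m["flags"] == "S" and m["dst"] == server_ip:
            syn_in += 1                      # a client SYN reached the server
        elif m["flags"] == "S." and m["src"] == server_ip:
            synack_out += 1                  # the server answered
            if m["dmac"].lower() != si_mac.lower():
                bypass_macs.add(m["dmac"].lower())  # next hop is not the SI
    if syn_in == 0:
        verdict = "no SYN reaches the real server"
    elif synack_out == 0:
        verdict = "server receives SYNs but does not answer"
    elif bypass_macs:
        verdict = "return traffic bypasses the SI"
    else:
        verdict = "return traffic goes back through the SI"
    return {"syn_in": syn_in, "synack_out": synack_out,
            "bypass_macs": sorted(bypass_macs), "verdict": verdict}

# Constructed sample data (locally administered MACs, documentation IPs).
SI_MAC, ROUTER_MAC, SERVER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:fe", "02:00:00:00:00:21"

def _line(smac, dmac, src, dst, flags):
    return (f"12:00:00.000001 {smac} > {dmac}, ethertype IPv4 (0x0800), "
            f"length 74: {src} > {dst}: Flags [{flags}], seq 1, win 65535, length 0")

SYN = _line(SI_MAC, SERVER_MAC, "203.0.113.10.51000", "10.0.0.21.80", "S")
# source-nat off, default gateway still the router: SYN-ACK goes to the router.
BROKEN = [SYN, _line(SERVER_MAC, ROUTER_MAC, "10.0.0.21.80", "203.0.113.10.51000", "S.")]
# source-nat off, SI set as the server's gateway: SYN-ACK goes to the SI.
FIXED = [SYN, _line(SERVER_MAC, SI_MAC, "10.0.0.21.80", "203.0.113.10.51000", "S.")]

if __name__ == "__main__":
    for name, cap in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_return_path(cap, "10.0.0.21", SI_MAC))
```

With option 2 (SI physically inline) the SYN-ACK is legitimately addressed to the gateway's MAC, so the MAC comparison does not apply there.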