Nik
May 02, 2014
Logging outgoing SNAT List connections
I have a number of servers in snat lists and we're trying to figure out what servers are actually making connections. I haven't found anyplace to do this.. any ideas if it's possible?
I guess a wildcard virtual server is listening on the internal VLAN and forwards outgoing connections, right? In this case the iRule above assigned to this virtual server will log the internal server in the first log statement. The second log statement lists the used SNAT address as local address. Feel free to combine the log statements into a single one.
An alternative approach for just monitoring the current open connection would be the "tmsh show sys conn" command.
By specifying a client's IP address (option "cs-client-addr") you can look up your current connection table. Here is an example to display connections initiated by 10.131.131.201: tmsh show sys conn cs-client-addr 10.131.131.201
Sys::Connections
10.131.131.201:50266 10.131.131.141:80 10.131.131.131:50266 10.131.131.121:80 tcp 1 (tmm: 0) none
Total records returned: 1
Client 10.131.131.201 tries to connect and gets SNATed by 10.131.131.131 when being connected to 10.131.131.121.
Be careful when using this command in the context of large connection tables, please! Thanks, Stephan
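As an added example (not code from Stephan's reply or from F5), a small Python parser for the "tmsh show sys conn" output layout shown above. It assumes the column order seen in the quoted line (client-side client, client-side virtual address, server-side source, server-side destination, protocol) and reports which internal client sits behind each SNAT address; the sample lines are constructed.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of the tmsh output quoted in the answer (not a real capture).
SAMPLE_OUTPUT = """\
Sys::Connections
10.131.131.201:50266 10.131.131.141:80 10.131.131.131:50266 10.131.131.121:80 tcp 1 (tmm: 0) none
10.131.131.201:50267 10.131.131.141:443 10.131.131.131:50267 10.131.131.121:443 tcp 5 (tmm: 1) none
10.131.131.202:41000 10.131.131.141:80 10.131.131.202:41000 10.131.131.121:80 tcp 12 (tmm: 0) none
Total records returned: 3
"""


@dataclass(frozen=True)
class Conn:
    client: str        # client-side source: the internal server opening the connection
    client_port: int
    vs: str            # client-side destination: the (wildcard) virtual server address
    vs_port: int
    snat: str          # server-side source: SNAT address, or the client itself when no SNAT applies
    snat_port: int
    server: str        # server-side destination: the real target host
    server_port: int
    proto: str

    @property
    def snated(self) -> bool:
        # SNAT is in effect when the server-side source differs from the real client.
        return self.snat != self.client


def _split_endpoint(endpoint):
    host, port = endpoint.rsplit(":", 1)
    return host, int(port)


def parse_sys_conn(text):
    """Return Conn records for every data line; header/footer lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        # Data lines start with four addr:port endpoints followed by the protocol.
        if len(fields) < 5 or not all(":" in f for f in fields[:4]):
            continue
        (c, cp), (v, vp), (s, sp), (d, dp) = (_split_endpoint(f) for f in fields[:4])
        conns.append(Conn(c, cp, v, vp, s, sp, d, dp, fields[4]))
    return conns


def snat_usage(conns):
    """Count open SNATed connections per (real client, SNAT address, destination)."""
    return Counter((c.client, c.snat, f"{c.server}:{c.server_port}") for c in conns if c.snated)
```

Feed it the saved output of "tmsh show sys conn" (optionally filtered with cs-client-addr) to see which internal hosts are behind a given SNAT address at that moment; it only shows currently open connections, so pair it with the iRule logging for a history.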