Redirect based on source IP to an external IP
Hi All,
Question as to the best way to do this...either using an LTM or GTM. We are migrating a service from internally to a SAS-based solution and we want to redirect servers in a few internal subnets, if they go to the LTM VIP, to an external SAS IP/location not hosted on the LTM.
We have a total of 4 VIPs, each listening on a different port.
Internal VIP: 1.1.1.1 port 22
Internal VIP: 1.1.1.1 port 21
Internal VIP: 1.1.1.1 port 443
Internal VIP: 1.1.1.1 port 8443
Objectives:
If you come in to this VIP with a source address of 172.16.10.0/24 and 172.16.11.0/24, you will get redirected to the external IP with matching ports...otherwise, if you are coming in from the 10.0.0.0/8 network or anything not matching the data group containing the above two subnets, you can connect to the local LTM VIP 1.1.1.1 [port 21/22/443/8443] as normal. We only want to send connection requests to the external SAS if you come from the two 172.16.10 and .11 subnets.
Internal IP: 2.2.2.2 port 22
Internal IP: 2.2.2.2 port 21
Internal IP: 2.2.2.2 port 443
Internal IP: 2.2.2.2 port 8443
Also, in this iRule to redirect to an external IP for a non-HTTPS redirect, do you need to "proxy" this traffic through the F5 (i.e. need to route incoming connections to get to 2.2.2.2 for port 21/22)? Note that once connections coming from 172.16.10.x and 172.16.11.x hit the LTM, they should connect directly to 2.2.2.2 and therefore not need the F5 further...can you do this, or would a GTM be a better solution for all of this? I would rather not use the GTM and do all of this on the LTM if possible....
when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals REDIRECT-IF-SUBNET-IS-IN-THIS-DG] } {
        # Only one HTTP::redirect may run per request, so reuse the port
        # the client connected on (443 or 8443).
        HTTP::redirect "https://2.2.2.2:[TCP::local_port]"
        # ...what is the format to also redirect to 2.2.2.2:21
        # ...and redirect to 2.2.2.2:22
    } else {
        pool MY-INTERNAL-VIP-FOR-ALL-OTHERS
    }
}
Thanks all!
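
The per-source-subnet decision from this post, sketched for the port 21 and port 22 virtual servers, where HTTP::redirect does not apply because FTP and SSH have no redirect mechanism. This is an added example, not part of the original post; it reuses the data group and pool names from the post and assumes the BIG-IP can route to 2.2.2.2 and that SNAT automap is acceptable.

```tcl
# Added example (not from the original post). Attach to the port 21 and
# port 22 virtual servers.
# Assumptions: the address data group REDIRECT-IF-SUBNET-IS-IN-THIS-DG holds
# 172.16.10.0/24 and 172.16.11.0/24, the BIG-IP has a route to 2.2.2.2,
# and SNAT automap is acceptable for the diverted flows.
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals REDIRECT-IF-SUBNET-IS-IN-THIS-DG] } {
        # No protocol-level redirect exists here, so the connection is
        # proxied to the external address on the same destination port.
        snat automap
        node 2.2.2.2 [TCP::local_port]
        # Record each diverted flow so the migration can be audited.
        log local0.info "diverted [IP::client_addr] to 2.2.2.2:[TCP::local_port]"
    } else {
        # Every other source stays on the internal service.
        pool MY-INTERNAL-VIP-FOR-ALL-OTHERS
    }
}
```

With SNAT in place the external service sees the BIG-IP's address rather than the original client, so any source-IP allowlist or audit trail on that side has to be built around the SNAT address and the log line above.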