Forum Discussion
AaronJB
Jan 22, 2007 SIRT
Thank you Nacho, I will have a word with the NSE in question regarding his advice;
I think he may have mentioned iRules with regard to saving the connection details out into a logfile on the LTM unit, rather than so that you can insert the original client IP address into the SMTP session (I will clarify that with him, however).
If you want to log these connections on the LTM rather than to have the original client IP logged on the mailserver then that is relatively straightforward to achieve on the LTM with an iRule along the lines of the following:
rule log_smtp_connections {
    when SERVER_CONNECTED {
        log local0. "SMTP connection from [IP::client_addr]:[TCP::client_port]. \
            Mapped to [serverside {IP::local_addr}]:[serverside {TCP::local_port}] \
            -> [IP::server_addr]:[serverside {TCP::remote_port}]"
    }
}
Which will produce log entries like the following in /var/log/ltm (examine the syslog configuration if you want to send it elsewhere, and specify the relevant facility and level in the log command):

Jan 22 15:09:31 tmm tmm[1580]: Rule logger_rule : SMTP connection from 192.168.151.52:2540. Mapped to 10.0.220.1:2540 -> 10.0.0.10:25

As you can see, the various sections of that command are:

[IP::client_addr] -- the original source IP
[TCP::client_port] -- the original source ephemeral
[serverside {IP::local_addr}] -- the SNAT source IP
[serverside {TCP::local_port}] -- the ephemeral source on the BIG-IP
[IP::server_addr] -- the node IP
[serverside {TCP::remote_port}] -- the node destination port (25)
I hope that helps.
--
Aaron
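The log format produced by the iRule above is only useful if something on the receiving end can turn it back into a client-to-SNAT-to-node mapping, for example when a mail server's logs show only the SNAT address and you need the original client for an incident. The following parser is an added example, not code from the post or from F5; it assumes the exact message layout shown in the post's /var/log/ltm line (IPv4 addresses, the "SMTP connection from ... Mapped to ... -> ..." wording) and uses constructed sample lines, the first of which is the post's own example.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple

# Constructed sample /var/log/ltm lines modelled on the format the iRule produces.
# Line 1 is the post's own example; lines 2 and 3 are made up for illustration
# (line 3 is an unrelated rule's message that the parser must ignore).
SAMPLE_LOG_LINES: List[str] = [
    "Jan 22 15:09:31 tmm tmm[1580]: Rule logger_rule : SMTP connection from "
    "192.168.151.52:2540. Mapped to 10.0.220.1:2540 -> 10.0.0.10:25",
    "Jan 22 15:09:45 tmm tmm[1580]: Rule logger_rule : SMTP connection from "
    "192.168.151.77:3311. Mapped to 10.0.220.1:3311 -> 10.0.0.11:25",
    "Jan 22 15:09:50 tmm tmm[1580]: Rule other_rule : something unrelated",
]


class SmtpConnection(NamedTuple):
    timestamp: str     # syslog timestamp as written (syslog carries no year)
    rule: str          # iRule name reported by tmm
    client_ip: str     # [IP::client_addr]: the original source IP
    client_port: int   # [TCP::client_port]: the original source ephemeral port
    snat_ip: str       # [serverside {IP::local_addr}]: the SNAT source IP
    snat_port: int     # [serverside {TCP::local_port}]: ephemeral port on the BIG-IP
    node_ip: str       # [IP::server_addr]: the node (mail server) IP
    node_port: int     # [serverside {TCP::remote_port}]: node destination port


# Assumption: IPv4 only, as in the post's example. The syslog prefix
# ("host process[pid]:") is matched loosely so hostname changes do not break it.
_IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
_LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+\[\d+\]: "
    r"Rule (?P<rule>\S+) : SMTP connection from "
    rf"(?P<cip>{_IPV4}):(?P<cport>\d+)\. Mapped to "
    rf"(?P<sip>{_IPV4}):(?P<sport>\d+) -> "
    rf"(?P<nip>{_IPV4}):(?P<nport>\d+)$"
)


def parse_ltm_smtp_line(line: str) -> Optional[SmtpConnection]:
    """Parse one log line; return None for lines not produced by the SMTP rule."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        return None
    return SmtpConnection(
        m["ts"], m["rule"],
        m["cip"], int(m["cport"]),
        m["sip"], int(m["sport"]),
        m["nip"], int(m["nport"]),
    )


SnatKey = Tuple[str, int]


def build_snat_index(lines: Iterable[str]) -> Dict[SnatKey, SmtpConnection]:
    """Index connections by the (SNAT IP, SNAT port) pair the mail server sees.

    SNAT ports are reused over time, so a later entry overwrites an earlier one
    for the same pair; when correlating against mail-server logs, restrict the
    input to the time window of interest rather than indexing a whole day.
    """
    index: Dict[SnatKey, SmtpConnection] = {}
    for line in lines:
        conn = parse_ltm_smtp_line(line)
        if conn is not None:
            index[(conn.snat_ip, conn.snat_port)] = conn
    return index


def resolve_original_client(index: Dict[SnatKey, SmtpConnection],
                            snat_ip: str, snat_port: int) -> Optional[Tuple[str, int]]:
    """Map the source the mail server logged back to the original client."""
    conn = index.get((snat_ip, snat_port))
    return None if conn is None else (conn.client_ip, conn.client_port)


if __name__ == "__main__":
    idx = build_snat_index(SAMPLE_LOG_LINES)
    # A mail server that logged a connection from 10.0.220.1:3311 really talked
    # to 192.168.151.77:3311 before SNAT.
    print(resolve_original_client(idx, "10.0.220.1", 3311))
```

Feed the real /var/log/ltm (or the remote syslog destination mentioned in the post) through build_snat_index for the period in question and look up the SNAT address and port from the mail server's own connection log; unrelated tmm messages are skipped rather than raising.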