F5: Difference between revisions

1,823 bytes added ,  18 days ago
(11 intermediate revisions by the same user not shown)
Line 115:
* Topology
 
[client]-------------------------[ F5 ]------------------------[server]
192.168.45.121 192.168.45.21 | 192.168.68.15 192.168.68.108
|
192.168.122.217
Line 131:
* Create 3 virtual bridge interfaces:
 
;virbr0 (Ignore if already existing)
;virbr0
 
vim virbr0.xml
Line 251:
 
* The above rules might not survive reboot of host, hardcoding them:
sudo yum install iptables-services
{{UC}}
sudo systemctl start iptables
sudo systemctl enable iptables
sudo service iptables save
 
* Apply License
Line 329 ⟶ 332:
* Basic config:
sudo vi /etc/hostname # change hostname
 
sudo yum install httpd
sudo systemctl enable httpd
sudo systemctl start httpd
sudo systemctl status httpd
 
sudo iptables -F
 
=== Install WebServer ===
Line 350 ⟶ 359:
* Obtaining Console access:
sudo virsh console server
sudo iptables -F
 
== F5 Configuration ==
{{UC}}
 
=== Create VLAN ===
Line 372 ⟶ 381:
 
=== Create SelfIP ===
<pre>
{{UC}}
net self SelfIpforPool {
 
address 192.168.68.15/24
traffic-group traffic-group-local-only
vlan myVlan
}
</pre>
 
=== Create Pool ===
<pre>
{{UC}}
ltm pool myPool {
 
members {
server1:http {
address 192.168.68.108
logging enabled
session monitor-enabled
state up
}
}
monitor http
}
 
</pre>
=== Create VS ===
<pre>
{{UC}}
ltm snat-translation 192.168.68.7 {
address 192.168.68.7
inherited-traffic-group true
traffic-group traffic-group-1
}
ltm snatpool mySNatIP {
members {
192.168.68.7
}
}
</pre>
 
<pre>
ltm virtual myVS {
creation-time 2024-04-30:09:50:10
destination 192.168.45.21:http
ip-protocol tcp
last-modified-time 2024-05-01:02:29:35
mask 255.255.255.255
pool myPool
profiles {
tcp { }
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
pool mySNatIP
type snat
}
translate-address enabled
translate-port enabled
vlans {
ExternalVlan
}
vlans-enabled
vs-index 2
}
</pre>
 
=== Enable Internet Access on VMs ===
 
; On VMs:
 
* Add Interface for the common network on host to the VMs:
sudo virsh attach-interface --type bridge --source virbr0 --model virtio client
 
; On Host:
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables --table nat --append POSTROUTING --out-interface ens192 -j MASQUERADE # ens192 is default exit interface in Host
sudo iptables --insert FORWARD --in-interface virbr0 -j ACCEPT # virbr0 is newly added interface in VM
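Review bot: The two `sudo iptables -F` steps (after the httpd install under "Basic config" and after `virsh console server`) delete every filter-table rule, apparently on the server VM, only to let HTTP through, which leaves the chain policies as the sole filtering. A narrower step would be `sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT`, which opens only the port that the `server1:http` pool member and the `http` monitor need. In "Enable Internet Access on VMs", `sysctl -w net.ipv4.ip_forward=1` and the two host rules are runtime-only, so they presumably need the `sudo service iptables save` step shown earlier plus a persistent sysctl entry to survive a reboot. The FORWARD rule also accepts everything arriving on virbr0 whatever its exit interface; adding `--out-interface ens192` would limit it to the Internet-bound path the section describes.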