Application Delivery (ADX)

Contributor
Posts: 39
Registered: ‎05-04-2009

ServerIron - reverse-nat functionality - any insights?

I am porting a ServerIron 4G configuration to an ADX 1000 - reverse-nat is part of the configuration and I am not quite sure how it is working to be honest. Any insights available?

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: ServerIron - reverse-nat functionality - any insights?

Have you checked the following:

http://www.brocade.com/sites/dotcom/support/Product_Manuals/ServerIron_SLBGuide/slb.2.21.html

Reverse-NAT is basically doing NAT for connections which are getting initiated by the real server itself. Some applications do require real server initiated connections and it is important to ensure that the ServerIron is going to replace the real server IPs with a virtual server IP in this case.

Contributor
Posts: 39
Registered: ‎05-04-2009

Re: ServerIron - reverse-nat functionality - any insights?

This was indeed useful but I still do not really understand the meaning of the default port. Are you able to explain it in a few words?

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: ServerIron - reverse-nat functionality - any insights?

Reverse-nat does not do the port translation for all TCP/UDP ports by default. Here is an example configuration:

server reverse-nat
!
context default
!
server real rs101 192.168.9.101
 port 32768
 port 32769
 port 32770
!
!
server virtual vs222 192.168.8.222
 port 32768
 port 32769
 port 32770
 bind 32768 rs101 32768
 bind 32769 rs101 32769
 bind 32770 rs101 32770

Reverse-nat is enabled and it is going to translate the real server IP address 192.168.9.101 to the virtual server's IP 192.168.8.222 whenever the real server itself initiates a connection via the ServerIron to the outside world using 32768, 32769 or 32770 as the source port for its connections. The ServerIron is NOT doing reverse-nat for sessions which are not related to these ports.

The default port is a "placeholder" and you can think of it as being ALL ports (1-65535) - adding the following binding to the virtual server vs222

bind default rs101 default

is going to enable reverse-nat for ALL real server initiated connections because the ServerIron is looking for ALL potential source ports now.

Makes sense?
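
Added example, not part of the original posts and not Brocade code: a small Python model of the matching rule described in the reply above, useful for checking which real-server-initiated flows would leave with the real server's own IP when porting a configuration. The functions `parse` and `translated_source` are hypothetical names, and the model assumes numeric ports or the `default` keyword in `bind` lines.

```python
# Simplified model of the behaviour described in this thread; not ServerIron code.
CONFIG = """\
server reverse-nat
server real rs101 192.168.9.101
 port 32768
 port 32769
 port 32770
server virtual vs222 192.168.8.222
 port 32768
 port 32769
 port 32770
 bind 32768 rs101 32768
 bind 32769 rs101 32769
 bind 32770 rs101 32770
"""  # configuration from the thread, "!" separators and context line omitted
DEFAULT_BIND = " bind default rs101 default\n"  # the extra binding from the thread

def parse(config):
    """Return (enabled, reals, binds). reals maps real-server name -> IP;
    binds holds (vip, real_name, real_port), real_port an int or a keyword."""
    enabled, reals, binds, vip = False, {}, [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "!":
            continue
        if tok[:2] == ["server", "reverse-nat"]:
            enabled = True
        elif tok[:2] == ["server", "real"]:
            reals[tok[2]] = tok[3]
            vip = None  # leaving any virtual-server block
        elif tok[:2] == ["server", "virtual"]:
            vip = tok[3]
        elif tok[0] == "bind" and vip:
            # bind <vport> <real> <rport>; further <real> <rport> pairs may follow
            for name, rport in zip(tok[2::2], tok[3::2]):
                binds.append((vip, name, int(rport) if rport.isdigit() else rport))
    return enabled, reals, binds

def translated_source(config, src_ip, src_port):
    """Source IP the outside world sees for a connection the real server opens."""
    enabled, reals, binds = parse(config)
    if enabled:
        for vip, name, rport in binds:
            # "default" stands for every source port, as explained in the thread
            if reals.get(name) == src_ip and rport in ("default", src_port):
                return vip
    return src_ip  # no matching binding: the real server IP is not translated
```

With the thread's configuration, only source ports 32768 to 32770 map to 192.168.8.222; appending `DEFAULT_BIND` makes every source port from rs101 map to it.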

Contributor
Posts: 39
Registered: ‎05-04-2009

Re: ServerIron - reverse-nat functionality - any insights?

Cool. Thanks!
