Discussion:
remap based on source IP or destination port
Dk Jack
2018-09-28 04:31:21 UTC
Hi,
I need to remap incoming traffic from a specific IP (connection IP) or
traffic that is received on a specific port, i.e. the ATS listening/server port,
to be sent to a specific IP+port. Distribute incoming traffic to multiple
sites based on source-ip or listening port. For example, I want to do
something like this:

map_with_recv_port 8081 http://10.1.10.1:8080/
map_with_recv_port 8082 http://10.1.10.2:8080/

or

map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/

With map or regex_remap, they allow me to filter on particular source IP.
However, what I want is not filtering, but remap based on source-ip or
listen port. Tried this:

regex_remap http://.*:8081/ http://10.1.10.1:8080/ @action=allow @src_ip=10.1.1.1
regex_remap http://.*:8082/ http://10.1.10.2:8080/ @action=allow @src_ip=10.1.1.2

Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
always tries to send it to 10.1.10.1.

The documentation for map_with_recv_port says it should work exactly as
map, but I haven't found a good example. The example I showed above
doesn't seem to work. Would greatly appreciate any tips or suggestions.
Thanks.

Regards,
Dk.
Alan Carroll
2018-09-28 14:37:29 UTC
I would be tempted to see if header_rewrite can do what you want. There are
a wider variety of conditionals available there. You could hook it up to
only run on your regex_remap line and "override" the remap rule result as
needed. I haven't used map_with_recv_port so I can't say if it could be made
to work. You might try testing that with the debug tag 'http|url_rewrite'
and see what shows up.
--
*Beware the fisherman who's casting out his line in to a dried up riverbed.*
*Oh don't try to tell him 'cause he won't believe. Throw some bread to the
ducks instead.*
*It's easier that way. *- Genesis : Duke : VI 25-28
Dk Jack
2018-09-28 18:37:12 UTC
Thanks Alan,
Will explore that...

/D
Leif Hedstrom
2018-09-28 17:06:44 UTC
Post by Dk Jack
Hi,
I need to remap incoming traffic from a specific IP (connection IP) or
traffic that is received on a specific port i.e ATS listening/server port
to be sent to a specific IP+port. Distribute incoming traffic to multiple
sites based on source-ip or listening port. For example, I want to do
map_with_recv_port 8081 http://10.1.10.1:8080/
map_with_recv_port 8082 http://10.1.10.2:8080/
No, I’d expect it to look like this

map_with_recv_port http://example.com:8081 http://10.1.10.1:8080/
map_with_recv_port http://example.com:8082 http://10.1.10.2:8080/


The only (afaik) difference I know is that the match is done on the incoming port rather than what the request sent in the Host: header. So, a request like this (that connects to server port 8081) would still match the above:

GET / HTTP/1.1
Host: example.com


(notice the absence of a port in the request). This feature was done, I believe, where you might have a router, switch or load balancer in front of ATS, which remaps the incoming port (say 80) to a different destination port (say 8081) based on something else (like, source IP).


Try it and see if that helps.

— leif
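
The matching difference described in the reply above, as an added example that is not part of the original thread and is not ATS code: a simplified Python model in which `map` keys on the port in the client-supplied Host header while `map_with_recv_port` keys on the port the connection arrived on. The helpers `parse_rules` and `route` are hypothetical names, and the model assumes exact host matching and hostnames or IPv4 addresses only.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_rules(text):
    """Parse 'map' / 'map_with_recv_port' lines into (kind, host, port, target)."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0].startswith("#"):
            continue  # skip blanks, comments and anything this model does not cover
        kind, src, dst = fields
        u = urlsplit(src)
        rules.append((kind, u.hostname, u.port or DEFAULT_PORTS[u.scheme], dst))
    return rules

def route(rules, host_header, recv_port, scheme="http"):
    """Return the target of the first matching rule, or None if nothing matches."""
    host, _, hdr_port = host_header.partition(":")
    hdr_port = int(hdr_port) if hdr_port else DEFAULT_PORTS[scheme]
    for kind, rule_host, rule_port, dst in rules:
        # map: the port comes from the Host header, which the client controls.
        # map_with_recv_port: the port is the one the connection arrived on.
        seen_port = recv_port if kind == "map_with_recv_port" else hdr_port
        if host.lower() == rule_host and seen_port == rule_port:
            return dst
    return None

# Rules from the reply above.
RECV_PORT_RULES = parse_rules("""
map_with_recv_port http://example.com:8081 http://10.1.10.1:8080/
map_with_recv_port http://example.com:8082 http://10.1.10.2:8080/
""")

# The same rules written as plain 'map' lines, constructed for comparison.
PLAIN_MAP_RULES = parse_rules("""
map http://example.com:8081 http://10.1.10.1:8080/
map http://example.com:8082 http://10.1.10.2:8080/
""")

if __name__ == "__main__":
    # "Host: example.com" with no port, arriving on server port 8081.
    print(route(RECV_PORT_RULES, "example.com", 8081))
    print(route(PLAIN_MAP_RULES, "example.com", 8081))
```

In this model the plain `map` rules never see the request that arrives on 8081 with a port-less Host header, and a port written into the Host header changes which plain `map` rule fires but not which `map_with_recv_port` rule fires.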
Dk Jack
2018-09-28 18:43:31 UTC
Thanks for answering Leif,
With some trial and error I came to the same conclusion last night after I had sent my email. That seems to work.

However, this requires me to configure each client-side LB to send on a specific port. I’ll explore Alan’s suggestion and see if I can make it work the way I want. Otherwise, I’ll have to live with this. Thanks again.