Solved

How to extract out all NAT entries in F5 loadbalancer (into csv or text format)

Posted on 2014-10-11
5
1,523 Views
Last Modified: 2014-11-03
Currently we key in IP addr one by one into a URL to get the NAT'ing entries.
I want all of them extracted out in one go to a csv / text file as I have lots of
searching to do for my reporting purpose.

Q1:
How to export out all NAT entries in F5 loadbalancer (into csv or text format)?

Q2:
Does F5 LB run a custom Linux/Unix which I can login at command prompt
to 'copy out' files?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 

Author Comment

by:sunhux
ID: 40374519
>Does F5 LB run a custom Linux/Unix which I can login at command prompt
>to 'copy out' files?
In one older version of F5, I've seen a collegue login to the Linux command
prompt but I don't know which file in which folder hold the NAT info
0
 

Author Comment

by:sunhux
ID: 40374520
What's the default F5 Linux login id & password?
0
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40375228
(1) F5 F5 (asumming v10.x) has config text file which will have the NAT in the virtual pool
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_save_and_load_cmds.html

e.g. some of the common files are
/config/bigip.conf      main configuration file containing objects for local application traffice such as pools, virtuals servers, pools etc.
/config/bigip.license      system licenses
/config/bigip_base.conf      networking components (bigpipe base load) not sync`d for HA setups.
/config/bigip_local.conf      stores virtuals servers for GTM
/config/bigip_sys.conf      stores the Linux/UNIX configuration objects
/etc/alertd/alert.conf      defines custom SNMP OID`s.

also there is a UCS file that contain all BIG-IP specific configuration files, BIG-IP product licenses, User accounts and password information, DNS zone files and ZoneRunner configuration and SSL certificates and keys. You should be able to export this out as well. By default, the BIG-IP system saves the UCS archive file in the /var/local/ucs directory. See the TMSH (cmd line) which is handy

https://elguber.wordpress.com/tag/f5/
e.g. show /ltm snat, show /ltm snatpool

http://satish-linuxbug.blogspot.sg/2013/02/bigip-f5-command-line-bigpipe-vs-tmsh.html
e.g. show /ltm nat all or list /ltm nat all-properties

(2) You can catch "SOL175: Transferring files to or from an F5 system".
https://support.f5.com/kb/en-us/solutions/public/0000/100/sol175.html
Hostname/IP address: <Enter the IP address of either your F5 device Management Port or self IP that is configured to accept SSH traffic on port 22>
Port: 22
Username: <Enter the desired F5 device user account that is configured with Advanced Shell (bash) access>
Password: <Enter the password for the desired F5 device user account>
0
 

Author Comment

by:sunhux
ID: 40388949
> ... the NAT in the virtual pool
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_save_and_load_cmds.html

Read the above URL & I think it refers to SNAT; if I'm not mistaken, SNAT
(Static NAT?) is different from NAT with SNAT used only in GTM, not LTM.


The following look promising & I'll try them when I'm back in office in
2 weeks' time:
e.g. show /ltm snat, show /ltm snatpool
e.g. show /ltm nat all or list /ltm nat all-properties
0
 
LVL 64

Assisted Solution

by:btan
btan earned 500 total points
ID: 40389503
IN F5 parlance, SNAT meant secure NAT (https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7820.html) - maps the source client IP address in a request to a translation address defined on the BIG-IP devices. In other words, applicable to GTM too. E.g. Packet flow can be using "snat automap" settings in ltm virtual "DNS_listener".

SNAT is used in the show in the tmsh will help  and actually alll the config is in the UCS files. Entries in the bigip.conf file represent the result of using the Configuration utility to configure the BIG-IP system.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question