Solved

How to extract out all NAT entries in F5 loadbalancer (into csv or text format)

Posted on 2014-10-11
5
1,265 Views
Last Modified: 2014-11-03
Currently we key in IP addr one by one into a URL to get the NAT'ing entries.
I want all of them extracted out in one go to a csv / text file as I have lots of
searching to do for my reporting purpose.

Q1:
How to export out all NAT entries in F5 loadbalancer (into csv or text format)?

Q2:
Does F5 LB run a custom Linux/Unix which I can login at command prompt
to 'copy out' files?
0
Comment
Question by:sunhux
  • 3
  • 2
5 Comments
 

Author Comment

by:sunhux
Comment Utility
>Does F5 LB run a custom Linux/Unix which I can login at command prompt
>to 'copy out' files?
In one older version of F5, I've seen a collegue login to the Linux command
prompt but I don't know which file in which folder hold the NAT info
0
 

Author Comment

by:sunhux
Comment Utility
What's the default F5 Linux login id & password?
0
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
(1) F5 F5 (asumming v10.x) has config text file which will have the NAT in the virtual pool
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_save_and_load_cmds.html

e.g. some of the common files are
/config/bigip.conf      main configuration file containing objects for local application traffice such as pools, virtuals servers, pools etc.
/config/bigip.license      system licenses
/config/bigip_base.conf      networking components (bigpipe base load) not sync`d for HA setups.
/config/bigip_local.conf      stores virtuals servers for GTM
/config/bigip_sys.conf      stores the Linux/UNIX configuration objects
/etc/alertd/alert.conf      defines custom SNMP OID`s.

also there is a UCS file that contain all BIG-IP specific configuration files, BIG-IP product licenses, User accounts and password information, DNS zone files and ZoneRunner configuration and SSL certificates and keys. You should be able to export this out as well. By default, the BIG-IP system saves the UCS archive file in the /var/local/ucs directory. See the TMSH (cmd line) which is handy

https://elguber.wordpress.com/tag/f5/
e.g. show /ltm snat, show /ltm snatpool

http://satish-linuxbug.blogspot.sg/2013/02/bigip-f5-command-line-bigpipe-vs-tmsh.html
e.g. show /ltm nat all or list /ltm nat all-properties

(2) You can catch "SOL175: Transferring files to or from an F5 system".
https://support.f5.com/kb/en-us/solutions/public/0000/100/sol175.html
Hostname/IP address: <Enter the IP address of either your F5 device Management Port or self IP that is configured to accept SSH traffic on port 22>
Port: 22
Username: <Enter the desired F5 device user account that is configured with Advanced Shell (bash) access>
Password: <Enter the password for the desired F5 device user account>
0
 

Author Comment

by:sunhux
Comment Utility
> ... the NAT in the virtual pool
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_save_and_load_cmds.html

Read the above URL & I think it refers to SNAT; if I'm not mistaken, SNAT
(Static NAT?) is different from NAT with SNAT used only in GTM, not LTM.


The following look promising & I'll try them when I'm back in office in
2 weeks' time:
e.g. show /ltm snat, show /ltm snatpool
e.g. show /ltm nat all or list /ltm nat all-properties
0
 
LVL 61

Assisted Solution

by:btan
btan earned 500 total points
Comment Utility
IN F5 parlance, SNAT meant secure NAT (https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7820.html) - maps the source client IP address in a request to a translation address defined on the BIG-IP devices. In other words, applicable to GTM too. E.g. Packet flow can be using "snat automap" settings in ltm virtual "DNS_listener".

SNAT is used in the show in the tmsh will help  and actually alll the config is in the UCS files. Entries in the bigip.conf file represent the result of using the Configuration utility to configure the BIG-IP system.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

As dyndns has reduced the capabilities of the free service, I looked around for other free providers of Dynamic DNS service. After testing several I decided to move my DNS hosting to Hurricane Electric as then domains that require dynamic hostnam…
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now