Use Address for Server NAT

The Use Address for Server NAT check box is available in the Standard Options section of the Virtual Service modify screen. To access this screen, in the LoadMaster Web User Interface (WUI), go to Virtual Services > View/Modify Services and click Modify on the relevant Virtual Service.

By default, when the LoadMaster is being used to SNAT (Server Network Address Translate) Real Servers, the source IP address that is used on the internet is that of the LoadMaster. The Use Address for Server NAT option allows the Real Servers configured on the Virtual Service to use the Virtual Service as the source IP address instead.

This option is most useful for services such as SMTP when the LoadMaster is in a public domain and when the service requires a reverse DNS check to see if the source address sent from the LoadMaster is the same as the Mail Exchanger (MX) record of the sender.

If the Real Servers are configured on more than one Virtual Service which has this option set, only connections to destination port 443 will use this Virtual Service as the source IP address. The LoadMaster will try to match the port to the virtual service IP where possible.

If the IP address of the virtual service is changed. The LoadMaster will continue to use the original IP for Server NAT. To change this, uncheck the Use Address for Server NAT option and check it again.

Was this article helpful?

1 out of 1 found this helpful

Comments

Avatar
James Basso

"If the Real Server is configured on more than one Virtual Service which has this option set, the LoadMaster will examine the destination port of the server's request and then select the Virtual Service whose port matches. The LM will then use this Virtual Service as the source IP address."

The issue with the original wording, is it specifies port 443, which is true if the server makes an HTTPS request. An HTTP request by the server would match the VS that uses port 80.

Edited by James Basso
Avatar
Server Team

When one is changing the IP-address of the virtual Service, the Option must afterwards unchecked and checked again. If omited, the formaly IP-address is still used.

Avatar
James Basso

I assume that would be a bug. I will contact our support team and mention this issue. Thank you for reporting this unexpected behavior.

Avatar
Philip O'Connor

Hi Serverteam, I'm a member of the EMEA Support team. I've updated our development team on the behaviour. I'll keep you posted on the results. Thank's again for reporting this behaviour.