remap based on source IP or destination port

[Dk Jack <dn...@gmail.com>]

Hi,
I need to remap incoming traffic from a specific IP (connection IP) or
traffic that is received on a specific port i.e ATS listening/server port
to be sent to a specific IP+port. Distribute incoming traffic to multiple
sites based on source-ip or listening port. For example, I want to do
something like this:

map_with_recv_port 8081 http://10.1.10.1:8080/
map_with_recv_port 8082 http://10.1.10.2:8080/

or

map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/

With map or regex_remap, they allow me to filter on particular source IP.
However, what I want is not filtering, but remap based on source-ip or
listen port. Tried this:

regex_remap http://.*:8081/ http://10.1.10.1:8080/
 @actio=allow @src_ip=10.1.1.1
regex_remap http://.*:8082/ http://10.1.10.2:8080/
 @actio=allow @src_ip=10.1.1.2

Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
always tries to send it to 10.1.10.1.

The documentation for map_with_recv_port says it should work exactly as
map, but I haven't found a good example. The example, I showed above
doesn't seem to work. Would greatly appreciate any tips or suggestions.
Thanks.

Regards,
Dk.

Re: remap based on source IP or destination port

[Dk Jack <dn...@gmail.com>]

Thanks for answering Leif,
With some trail and error I came to the same conclusion last night after I had sent my email. That seems to work. 

However, this requires me to configure the each client side LB to send on a specific port. I’ll explore Alan’s suggestion and see if I can make work the way I want. Otherwise, I’ll have to live with this. Thanks again. 

> On Sep 28, 2018, at 10:06 AM, Leif Hedstrom <zw...@apache.org> wrote:
> 
> 
> 
>> On Sep 27, 2018, at 10:31 PM, Dk Jack <dn...@gmail.com> wrote:
>> 
>> Hi,
>> I need to remap incoming traffic from a specific IP (connection IP) or
>> traffic that is received on a specific port i.e ATS listening/server port
>> to be sent to a specific IP+port. Distribute incoming traffic to multiple
>> sites based on source-ip or listening port. For example, I want to do
>> something like this:
>> 
>> map_with_recv_port 8081 http://10.1.10.1:8080/
>> map_with_recv_port 8082 http://10.1.10.2:8080/
> 
> 
> No, I’d expect it to look like this
> 
> 	map_with_recv_port http://example.com:8081 http://10.1.10.1:8080/
> 	map_with_recv_port http://example.com:8082 http://10.1.10.2:8080/
> 
> 
> The only (afaik) difference I know is that the match is done on the incoming port rather than what the request sent in the Host: header. So, a request like this (that connects to port  server port 8081) would still match the above:
> 
> 	GET / HTTP/1.1
> 	Host: example.com
> 
> 
> (notice the absence of a port in the request). This feature was done, I believe, where you might have a router, switch or load balancer in front of ATS, which remaps the incoming port (say 80) to a different destination port (say 8081) based on something else (like, source IP).
> 
> 
> Try it and see if that helps.
> 
> — leif
> 
> 
> 
>> 
>> 
>> or
>> 
>> map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
>> map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/
>> 
>> With map or regex_remap, they allow me to filter on particular source IP.
>> However, what I want is not filtering, but remap based on source-ip or
>> listen port. Tried this:
>> 
>> regex_remap http://.*:8081/ http://10.1.10.1:8080/
>> @actio=allow @src_ip=10.1.1.1
>> regex_remap http://.*:8082/ http://10.1.10.2:8080/
>> @actio=allow @src_ip=10.1.1.2
>> 
>> Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
>> always tries to send it to 10.1.10.1.
>> 
>> The documentation for map_with_recv_port says it should work exactly as
>> map, but I haven't found a good example. The example, I showed above
>> doesn't seem to work. Would greatly appreciate any tips or suggestions.
>> Thanks.
>> 
>> Regards,
>> Dk.
> 

Re: remap based on source IP or destination port

[Leif Hedstrom <zw...@apache.org>]

> On Sep 27, 2018, at 10:31 PM, Dk Jack <dn...@gmail.com> wrote:
> 
> Hi,
> I need to remap incoming traffic from a specific IP (connection IP) or
> traffic that is received on a specific port i.e ATS listening/server port
> to be sent to a specific IP+port. Distribute incoming traffic to multiple
> sites based on source-ip or listening port. For example, I want to do
> something like this:
> 
> map_with_recv_port 8081 http://10.1.10.1:8080/
> map_with_recv_port 8082 http://10.1.10.2:8080/ <http://10.1.10.2:8080/>


No, I’d expect it to look like this

	map_with_recv_port http://example.com:8081 <http://example.com:8081/> http://10.1.10.1:8080/ <http://10.1.10.1:8080/>
	map_with_recv_port http://example.com:8082 <http://example.com:8082/> http://10.1.10.2:8080/ <http://10.1.10.2:8080/>


The only (afaik) difference I know is that the match is done on the incoming port rather than what the request sent in the Host: header. So, a request like this (that connects to port  server port 8081) would still match the above:

	GET / HTTP/1.1
	Host: example.com <http://example.com/>


(notice the absence of a port in the request). This feature was done, I believe, where you might have a router, switch or load balancer in front of ATS, which remaps the incoming port (say 80) to a different destination port (say 8081) based on something else (like, source IP).


Try it and see if that helps.

— leif



> 
> 
> or
> 
> map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
> map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/
> 
> With map or regex_remap, they allow me to filter on particular source IP.
> However, what I want is not filtering, but remap based on source-ip or
> listen port. Tried this:
> 
> regex_remap http://.*:8081/ http://10.1.10.1:8080/
> @actio=allow @src_ip=10.1.1.1
> regex_remap http://.*:8082/ http://10.1.10.2:8080/
> @actio=allow @src_ip=10.1.1.2
> 
> Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
> always tries to send it to 10.1.10.1.
> 
> The documentation for map_with_recv_port says it should work exactly as
> map, but I haven't found a good example. The example, I showed above
> doesn't seem to work. Would greatly appreciate any tips or suggestions.
> Thanks.
> 
> Regards,
> Dk.

Re: remap based on source IP or destination port

[Dk Jack <dn...@gmail.com>]

Thanks Alan,
Will explore that...

/D

> On Sep 28, 2018, at 7:37 AM, Alan Carroll <so...@oath.com.INVALID> wrote:
> 
> I would be tempted to see if header_rewrite can do what you want. There are
> a wider variety of conditionals available there. You could hook it up to
> only run on your regex_remap line and "override" the remap rule result as
> needed. I haven't use map_with_recv_port so I can't say if it could be made
> to work. You might try testing that with the debug tag 'http|url_rewrite'
> and see what shows up.
> 
>> On Thu, Sep 27, 2018 at 11:31 PM Dk Jack <dn...@gmail.com> wrote:
>> 
>> Hi,
>> I need to remap incoming traffic from a specific IP (connection IP) or
>> traffic that is received on a specific port i.e ATS listening/server port
>> to be sent to a specific IP+port. Distribute incoming traffic to multiple
>> sites based on source-ip or listening port. For example, I want to do
>> something like this:
>> 
>> map_with_recv_port 8081 http://10.1.10.1:8080/
>> map_with_recv_port 8082 http://10.1.10.2:8080/
>> 
>> or
>> 
>> map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
>> map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/
>> 
>> With map or regex_remap, they allow me to filter on particular source IP.
>> However, what I want is not filtering, but remap based on source-ip or
>> listen port. Tried this:
>> 
>> regex_remap http://.*:8081/ http://10.1.10.1:8080/
>> @actio=allow @src_ip=10.1.1.1
>> regex_remap http://.*:8082/ http://10.1.10.2:8080/
>> @actio=allow @src_ip=10.1.1.2
>> 
>> Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
>> always tries to send it to 10.1.10.1.
>> 
>> The documentation for map_with_recv_port says it should work exactly as
>> map, but I haven't found a good example. The example, I showed above
>> doesn't seem to work. Would greatly appreciate any tips or suggestions.
>> Thanks.
>> 
>> Regards,
>> Dk.
>> 
> 
> 
> -- 
> *Beware the fisherman who's casting out his line in to a dried up riverbed.*
> *Oh don't try to tell him 'cause he won't believe. Throw some bread to the
> ducks instead.*
> *It's easier that way. *- Genesis : Duke : VI 25-28

Re: remap based on source IP or destination port

[Alan Carroll <so...@oath.com.INVALID>]

I would be tempted to see if header_rewrite can do what you want. There are
a wider variety of conditionals available there. You could hook it up to
only run on your regex_remap line and "override" the remap rule result as
needed. I haven't use map_with_recv_port so I can't say if it could be made
to work. You might try testing that with the debug tag 'http|url_rewrite'
and see what shows up.

On Thu, Sep 27, 2018 at 11:31 PM Dk Jack <dn...@gmail.com> wrote:

> Hi,
> I need to remap incoming traffic from a specific IP (connection IP) or
> traffic that is received on a specific port i.e ATS listening/server port
> to be sent to a specific IP+port. Distribute incoming traffic to multiple
> sites based on source-ip or listening port. For example, I want to do
> something like this:
>
> map_with_recv_port 8081 http://10.1.10.1:8080/
> map_with_recv_port 8082 http://10.1.10.2:8080/
>
> or
>
> map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
> map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/
>
> With map or regex_remap, they allow me to filter on particular source IP.
> However, what I want is not filtering, but remap based on source-ip or
> listen port. Tried this:
>
> regex_remap http://.*:8081/ http://10.1.10.1:8080/
>  @actio=allow @src_ip=10.1.1.1
> regex_remap http://.*:8082/ http://10.1.10.2:8080/
>  @actio=allow @src_ip=10.1.1.2
>
> Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
> always tries to send it to 10.1.10.1.
>
> The documentation for map_with_recv_port says it should work exactly as
> map, but I haven't found a good example. The example, I showed above
> doesn't seem to work. Would greatly appreciate any tips or suggestions.
> Thanks.
>
> Regards,
> Dk.
>


-- 
*Beware the fisherman who's casting out his line in to a dried up riverbed.*
*Oh don't try to tell him 'cause he won't believe. Throw some bread to the
ducks instead.*
*It's easier that way. *- Genesis : Duke : VI 25-28