
Single Content Switching virtual server for ssh connections (Redirect port 22 to several vservers)



Hi,

I'd like to configure a Content Switching virtual server for all my Linux servers to access ssh. Actually, I have configured all my Load Balancing virtual servers, so in my example I've got two VSLBs, 10.10.2.1 & 10.10.2.2, that listen on port 22. From my LAN I can connect to those vservers.

Now what I want to do:

  • I configured a new VIP on 10.11.2.1 that listens on port 22 (PUB DMZ)
  • I configured NAT rules & an ACL that send all traffic sent to my public IP address on port 22 to this VIP
  • Like my https, I would like to create an expression that identifies the vserver to which the ssh connection should be sent

For example, I use a policy to load balance https across my multiple production webserver VSLBs (HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ("vname.domain.com")). I set up a VIP that listens on 443 and bind my different policy expressions to it.

Now I would like to do the same for ssh, but I can't find a valid expression to do it:

If I request an ssh connection with the hostname "ssh1.domain.com", I would like to be redirected to vslb1, and if I request "ssh2.domain.com", I go to vslb2.

I think that I can start my expression with client.TCP.DSTPORT.EQ(22), but I have to add the other part of the expression that extracts the DNS request.

I tried client.TCP.DSTPORT.EQ(22) && HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ("ssh1.domain.com") -> failed because the attached VSLB is not compatible (I don't listen on http or https, so this is normal).

Can I do something like that? Or am I stuck assigning one port to one vserver, one pub IP to one vserver?

Thanks.

Hi,

It's a TCP 22 service type. I think I have to bind a TCP expression, but I can't find what to write in it:

What I want to do

  • If I try to connect to "vname.domain.com" on port 22, I'm redirected to vslb1 port 22
  • If I try to connect to "vname2.domain.com" on port 22, I'm redirected to vslb2 port 22

Archived

This topic is now archived and is closed to further replies.
