From 3ca51363be15ea13c292a84aec38c3b6847b2b40 Mon Sep 17 00:00:00 2001
From: "Paul C. Buetow (mars.fritz.box)"
Date: Fri, 16 May 2014 19:37:07 +0200
Subject: document NAT and SNAT
---
 docs/fapi.pod | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)
(limited to 'docs')
diff --git a/docs/fapi.pod b/docs/fapi.pod
index b5cfa9b..163b025 100644
--- a/docs/fapi.pod
+++ b/docs/fapi.pod
@@ -140,13 +140,39 @@ And everything can be deleted as folows:
 fapi node fooserver1.example.com delete
 fapi node fooserver2.example.com delete
 
-=head2 Setting up simple NAT Services
+=head2 Setting up simple HTTP NAT Services
 
- (Docu to be written)
+A simple HTTP NATed service can be created as follows.
+
+ # Create a NATed HTTP vserver
+ # fapi auto resolves the IP address.
+ fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http
+
+ # Add the pool to the vserver.
+ fapi vserver myvserver.example.com:80 set pool foopool
+
+ # Add a NATed HTTPS vserver
+ fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http
+ fapi vserver myvserver.example.com:443 set pool foopool
+
+ # Restrict the vserver to a specific VLAN (IMPORTANT! security
+ # hole otherwise!)
+ fapi vserver myvserver.example.com:443 set vlan VLANNAME
+
+ # Put the VirtualAddress of the vserver into a specific traffic group
+ fapi vip myserver.example.com set tgroup some-traffic-group
+
+In order to make this work your application servers need to have setup a
+default route to the loadbalancers floating self IP.
 
 =head2 Setting up simple SNAT Services
 
- (Docu to be written)
+Same as setting up a NATed services, but you don't need to configure default
+routes from your application servers to the loadbalancers floating self IP.
+
+You need also to set the SNAT flag as follows:
+
+ fapi vserver myvserver.example.com:443 set snat automap
 
 =head2 About the NAME argument
 
-- cgit v1.2.3
From cad5da1f4f7e6f65b7b40f32f59718a4f5c45cd5 Mon Sep 17 00:00:00 2001
From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 20:02:32 +0200 Subject: New release --- docs/fapi.1 | 38 ++++++++++++++++++++++++++++++++------ docs/fapi.txt | 33 ++++++++++++++++++++++++++++++--- docs/synopsis.txt | 13 +++++++------ 3 files changed, 69 insertions(+), 15 deletions(-) (limited to 'docs') diff --git a/docs/fapi.1 b/docs/fapi.1 index 1dc317f..78b7cdb 100644 --- a/docs/fapi.1 +++ b/docs/fapi.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "FAPI 1" -.TH FAPI 1 "2014-05-16" "fapi 0.7.0" "User Commands" +.TH FAPI 1 "2014-05-16" "fapi 0.7.1" "User Commands" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -281,15 +281,41 @@ And everything can be deleted as folows: \& fapi node fooserver1.example.com delete \& fapi node fooserver2.example.com delete .Ve -.SS "Setting up simple \s-1NAT\s0 Services" -.IX Subsection "Setting up simple NAT Services" -.Vb 1 -\& (Docu to be written) +.SS "Setting up simple \s-1HTTP\s0 \s-1NAT\s0 Services" +.IX Subsection "Setting up simple HTTP NAT Services" +A simple \s-1HTTP\s0 NATed service can be created as follows. +.PP +.Vb 3 +\& # Create a NATed HTTP vserver +\& # fapi auto resolves the IP address. +\& fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http +\& +\& # Add the pool to the vserver. +\& fapi vserver myvserver.example.com:80 set pool foopool +\& +\& # Add a NATed HTTPS vserver +\& fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http +\& fapi vserver myvserver.example.com:443 set pool foopool +\& +\& # Restrict the vserver to a specific VLAN (IMPORTANT! security +\& # hole otherwise!) +\& fapi vserver myvserver.example.com:443 set vlan VLANNAME +\& +\& # Put the VirtualAddress of the vserver into a specific traffic group +\& fapi vip myserver.example.com set tgroup some\-traffic\-group .Ve +.PP +In order to make this work your application servers need to have setup a +default route to the loadbalancers floating self \s-1IP\s0. .SS "Setting up simple \s-1SNAT\s0 Services" .IX Subsection "Setting up simple SNAT Services" +Same as setting up a NATed services, but you don't need to configure default +routes from your application servers to the loadbalancers floating self \s-1IP\s0. +.PP +You need also to set the \s-1SNAT\s0 flag as follows: +.PP .Vb 1 -\& (Docu to be written) +\& fapi vserver myvserver.example.com:443 set snat automap .Ve .SS "About the \s-1NAME\s0 argument" .IX Subsection "About the NAME argument" diff --git a/docs/fapi.txt b/docs/fapi.txt index 698a0cb..d875f43 100644 --- a/docs/fapi.txt +++ b/docs/fapi.txt 
@@ -128,11 +128,38 @@ EXAMPLES fapi node fooserver1.example.com delete fapi node fooserver2.example.com delete - Setting up simple NAT Services - (Docu to be written) + Setting up simple HTTP NAT Services + A simple HTTP NATed service can be created as follows. + + # Create a NATed HTTP vserver + # fapi auto resolves the IP address. + fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http + + # Add the pool to the vserver. + fapi vserver myvserver.example.com:80 set pool foopool + + # Add a NATed HTTPS vserver + fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http + fapi vserver myvserver.example.com:443 set pool foopool + + # Restrict the vserver to a specific VLAN (IMPORTANT! security + # hole otherwise!) + fapi vserver myvserver.example.com:443 set vlan VLANNAME + + # Put the VirtualAddress of the vserver into a specific traffic group + fapi vip myserver.example.com set tgroup some-traffic-group + + In order to make this work your application servers need to have setup a + default route to the loadbalancers floating self IP. Setting up simple SNAT Services - (Docu to be written) + Same as setting up a NATed services, but you don't need to configure + default routes from your application servers to the loadbalancers + floating self IP. + + You need also to set the SNAT flag as follows: + + fapi vserver myvserver.example.com:443 set snat automap About the NAME argument In most cases NAME can be a hostname, FQDN or an IP address. Optionally diff --git a/docs/synopsis.txt b/docs/synopsis.txt index 054543f..8e7317c 100644 --- a/docs/synopsis.txt +++ b/docs/synopsis.txt @@ -1,4 +1,4 @@ -usage: fapi [-b B] [-e E] [-f F] [-h] [-i] [-l] [-n] [-v] [-V] [-C C] +usage: fapi [-b B] [-d] [-e E] [-f F] [-h] [-i] [-l] [-n] [-v] [-V] [-C C] [what] [name] [sub] [sub2] [sub3] [sub4] [sub5] positional arguments: 
@@ -12,19 +12,20 @@ positional arguments: optional arguments: -b B Forces to use the secified loadbalancer (overwrites -e) + -d Disable colorful output -e E Env to use, e.g. dev,qa,live -f F Overwrite partition/folder from fapi.conf -h Print this help -i Interactive shell -l Use list output - -n No color (disable colorful output) + -n No-op (don't do actual stuff) -v Verbose -V Print program version -C C Config file Synopsis: - monitor + monitor monitor NAME get desc|state node node NODENAME create|delete @@ -50,9 +51,9 @@ Synopsis: vserver NAME set nat|pat disabled|enabled vserver NAME set pool POOLNAME vserver NAME set snat automap|none - vserver NAME set vlan [list,of,vlans,to,allow] + vserver NAME set vlan [list,of,vlans,to,allow] The following partially needs admininstrator privileges on / and /Common - -f Common -b balancer.example.com selfip + -f Common -b balancer.example.com selfip -f Common -b balancer.example.com selfip NAME create NETMASK VLANNAME [TGROUP] -f Common -b balancer.example.com selfip NAME delete -f Common -b balancer.example.com selfip NAME get detail|tgroup @@ -72,5 +73,5 @@ The following partially needs admininstrator privileges on / and /Common -f / folder -f / folder NAME create|delete -f / folder NAME get detail|dgroup|tgroup - -f / folder NAME set dgroup|tgroup DGROUP|TGROUP + -f / folder NAME set dgroup|tgroup DGROUP|TGROUP Please consult the manpage for examples. -- cgit v1.2.3 From b4969592859f7a7b8fbc54dc6a923739e36c4a6e Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 20:11:41 +0200 Subject: fix documentation --- docs/fapi.pod | 30 +++--------------------------- 1 file changed, 3 insertions(+), 27 deletions(-) (limited to 'docs') diff --git a/docs/fapi.pod b/docs/fapi.pod index 163b025..225a5f6 100644 --- a/docs/fapi.pod +++ b/docs/fapi.pod 
@@ -107,22 +107,12 @@ If you want to list all configured objects on your partition just run
 
 A simple nPath service can be created as follows.
 
- # Create a nPath HTTP vserver, 'nPath' also auto disables NAT and PAT
- # fapi auto resolves the IP address.
 fapi vserver myvserver.example.com:80 create PROTOCOL_TCP nPath
-
- # Add the pool to the vserver. The vservers name inside of BigIP will be
- # the FQDN followed by _PORT. In this case it would be:
- # myvserver.example.com_80 (or full: /Partition/myvserver.example.com_80)
- # The reason is that : are not allowed in vserver names.
 fapi vserver myvserver.example.com:80 set pool foopool
 
- # Add a nPath HTTPS vserver
- fapi vserver myvserver.example.com:443 create PROTOCOL_TCP nPath
- fapi vserver myvserver.example.com:443 set pool foopool
-
- # Restrict the vserver to a specific VLAN (IMPORTANT! security
+ # Restrict the vservers to a specific VLAN (IMPORTANT! security
 # hole otherwise!)
+ fapi vserver myvserver.example.com:80 set vlan VLANNAME
 fapi vserver myvserver.example.com:443 set vlan VLANNAME
 
 # Put the VirtualAddress of the vserver into a specific traffic group
@@ -144,24 +134,10 @@ And everything can be deleted as folows:
 
 A simple HTTP NATed service can be created as follows.
 
- # Create a NATed HTTP vserver
- # fapi auto resolves the IP address.
 fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http
-
- # Add the pool to the vserver.
+ fapi vserver myvserver.example.com:80 set vlan VLANNAME
 fapi vserver myvserver.example.com:80 set pool foopool
 
- # Add a NATed HTTPS vserver
- fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http
- fapi vserver myvserver.example.com:443 set pool foopool
-
- # Restrict the vserver to a specific VLAN (IMPORTANT! security
- # hole otherwise!)
- fapi vserver myvserver.example.com:443 set vlan VLANNAME
-
- # Put the VirtualAddress of the vserver into a specific traffic group
- fapi vip myserver.example.com set tgroup some-traffic-group
-
 In order to make this work your application servers need to have setup a
 default route to the loadbalancers floating self IP.
 
-- cgit v1.2.3
From db6eeb697243ff2ef4eff87df0b568ec8ec1b4ac Mon Sep 17 00:00:00 2001
From: "Paul C. Buetow (mars.fritz.box)"
Date: Fri, 16 May 2014 20:12:07 +0200
Subject: New release
---
 docs/fapi.1 | 34 +++++-----------------------------
 docs/fapi.txt | 30 +++---------------------------
 2 files changed, 8 insertions(+), 56 deletions(-)
(limited to 'docs')
diff --git a/docs/fapi.1 b/docs/fapi.1
index 78b7cdb..740f5f4 100644
--- a/docs/fapi.1
+++ b/docs/fapi.1
@@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "FAPI 1" -.TH FAPI 1 "2014-05-16" "fapi 0.7.1" "User Commands" +.TH FAPI 1 "2014-05-16" "fapi 0.7.2" "User Commands" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l
@@ -245,23 +245,13 @@ If you want to list all configured objects on your partition just run .IX Subsection "Setting up a simple nPath Service" A simple nPath service can be created as follows. .PP -.Vb 3 -\& # Create a nPath HTTP vserver, \*(AqnPath\*(Aq also auto disables NAT and PAT -\& # fapi auto resolves the IP address. +.Vb 2 \& fapi vserver myvserver.example.com:80 create PROTOCOL_TCP nPath -\& -\& # Add the pool to the vserver. The vservers name inside of BigIP will be -\& # the FQDN followed by _PORT. In this case it would be: -\& # myvserver.example.com_80 (or full: /Partition/myvserver.example.com_80) -\& # The reason is that : are not allowed in vserver names. \& fapi vserver myvserver.example.com:80 set pool foopool \& -\& # Add a nPath HTTPS vserver -\& fapi vserver myvserver.example.com:443 create PROTOCOL_TCP nPath -\& fapi vserver myvserver.example.com:443 set pool foopool -\& -\& # Restrict the vserver to a specific VLAN (IMPORTANT! security +\& # Restrict the vservers to a specific VLAN (IMPORTANT! security \& # hole otherwise!) +\& fapi vserver myvserver.example.com:80 set vlan VLANNAME \& fapi vserver myvserver.example.com:443 set vlan VLANNAME \& \& # Put the VirtualAddress of the vserver into a specific traffic group 
@@ -286,23 +276,9 @@ And everything can be deleted as folows: A simple \s-1HTTP\s0 NATed service can be created as follows. .PP .Vb 3 -\& # Create a NATed HTTP vserver -\& # fapi auto resolves the IP address. \& fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http -\& -\& # Add the pool to the vserver. +\& fapi vserver myvserver.example.com:80 set vlan VLANNAME \& fapi vserver myvserver.example.com:80 set pool foopool -\& -\& # Add a NATed HTTPS vserver -\& fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http -\& fapi vserver myvserver.example.com:443 set pool foopool -\& -\& # Restrict the vserver to a specific VLAN (IMPORTANT! security -\& # hole otherwise!) -\& fapi vserver myvserver.example.com:443 set vlan VLANNAME -\& -\& # Put the VirtualAddress of the vserver into a specific traffic group -\& fapi vip myserver.example.com set tgroup some\-traffic\-group .Ve .PP In order to make this work your application servers need to have setup a diff --git a/docs/fapi.txt b/docs/fapi.txt index d875f43..93e9122 100644 --- a/docs/fapi.txt +++ b/docs/fapi.txt 
@@ -95,22 +95,12 @@ EXAMPLES Setting up a simple nPath Service A simple nPath service can be created as follows. - # Create a nPath HTTP vserver, 'nPath' also auto disables NAT and PAT - # fapi auto resolves the IP address. fapi vserver myvserver.example.com:80 create PROTOCOL_TCP nPath - - # Add the pool to the vserver. The vservers name inside of BigIP will be - # the FQDN followed by _PORT. In this case it would be: - # myvserver.example.com_80 (or full: /Partition/myvserver.example.com_80) - # The reason is that : are not allowed in vserver names. fapi vserver myvserver.example.com:80 set pool foopool - # Add a nPath HTTPS vserver - fapi vserver myvserver.example.com:443 create PROTOCOL_TCP nPath - fapi vserver myvserver.example.com:443 set pool foopool - - # Restrict the vserver to a specific VLAN (IMPORTANT! security + # Restrict the vservers to a specific VLAN (IMPORTANT! security # hole otherwise!) + fapi vserver myvserver.example.com:80 set vlan VLANNAME fapi vserver myvserver.example.com:443 set vlan VLANNAME # Put the VirtualAddress of the vserver into a specific traffic group 
@@ -131,24 +121,10 @@ EXAMPLES Setting up simple HTTP NAT Services A simple HTTP NATed service can be created as follows. - # Create a NATed HTTP vserver - # fapi auto resolves the IP address. fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http - - # Add the pool to the vserver. + fapi vserver myvserver.example.com:80 set vlan VLANNAME fapi vserver myvserver.example.com:80 set pool foopool - # Add a NATed HTTPS vserver - fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http - fapi vserver myvserver.example.com:443 set pool foopool - - # Restrict the vserver to a specific VLAN (IMPORTANT! security - # hole otherwise!) - fapi vserver myvserver.example.com:443 set vlan VLANNAME - - # Put the VirtualAddress of the vserver into a specific traffic group - fapi vip myserver.example.com set tgroup some-traffic-group - In order to make this work your application servers need to have setup a default route to the loadbalancers floating self IP. -- cgit v1.2.3 From 11907a7e5362509e3526ae1bede68c93f2e38add Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 20:13:49 +0200 Subject: New release --- docs/fapi.1 | 4 ++-- docs/fapi.pod | 2 +- docs/fapi.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'docs') diff --git a/docs/fapi.1 b/docs/fapi.1 index 740f5f4..c47300d 100644 --- a/docs/fapi.1 +++ b/docs/fapi.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "FAPI 1" -.TH FAPI 1 "2014-05-16" "fapi 0.7.2" "User Commands" +.TH FAPI 1 "2014-05-16" "fapi 0.7.3" "User Commands" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -291,7 +291,7 @@ routes from your application servers to the loadbalancers floating self \s-1IP\s You need also to set the \s-1SNAT\s0 flag as follows: .PP .Vb 1 -\& fapi vserver myvserver.example.com:443 set snat automap +\& fapi vserver myvserver.example.com:80 set snat automap .Ve .SS "About the \s-1NAME\s0 argument" .IX Subsection "About the NAME argument" diff --git a/docs/fapi.pod b/docs/fapi.pod index 225a5f6..ca50e31 100644 --- a/docs/fapi.pod +++ b/docs/fapi.pod @@ -148,7 +148,7 @@ routes from your application servers to the loadbalancers floating self IP. You need also to set the SNAT flag as follows: - fapi vserver myvserver.example.com:443 set snat automap + fapi vserver myvserver.example.com:80 set snat automap =head2 About the NAME argument diff --git a/docs/fapi.txt b/docs/fapi.txt index 93e9122..67fe651 100644 --- a/docs/fapi.txt +++ b/docs/fapi.txt @@ -135,7 +135,7 @@ EXAMPLES You need also to set the SNAT flag as follows: - fapi vserver myvserver.example.com:443 set snat automap + fapi vserver myvserver.example.com:80 set snat automap About the NAME argument In most cases NAME can be a hostname, FQDN or an IP address. Optionally -- cgit v1.2.3