11.2.4.7. Server access using the client IP address

Operation Confirmed Version:
 Citrix Netscaler VPX Version11.0 Build67.12 Standard Edition
Here, operation check when NAT function of a source IP address is disabled will be introduced.
You can use this function when the server side wants to receive notification of the source IP address and X-Forwarded-For is not usable.
Normally, communication via the Load Balancer, by default, has the source IP address translated by NAT to the IP address that the Load Balancer has.

Default mode setting to disable NAT function of source IP address

Here, we will see how to change the default mode of source IP address NAT function of the Load Balancer.
By this change, newly created services are set not to use the source NAT function.

Presumed case for sample setting

  • Assume that we want to set not to use the source NAT function of the Load Balancer.

  • Also assume that we want to change the default operation mode to enable all the services.

From the [ Configuration ] menu, move to [ system ] → [ Settings ], and click [ Configure Modes ].
Fig15104
Configure Modes screen will open. Check mark [ Use Source IP ] and click the [ OK ] button.
Fig15105
Click “Save the running configuration“ in [Configuration] tab to save config.
Fig15105
Click “Yes” at popup screen.
Fig15105
After the setting above, all the newly-created Services and Service Group will have the source IP address NAT function disabled.

Note

The setting of the [ Use Source IP ] will not be changed if already-created Services and Service Group exist. In this case, setting change should be made individually.

Individual setting to disable NAT function of source IP address

Assume that we want to be able to check the IP address of the client PC (192.168.1.103) that accesses in the Web Server side.

Presumed case for sample setting

  • Assume that we want to be able to check the IP address of the client PC (192.168.1.103) that accesses in the Web Server side.

  • Assume that we want to set not to use the source NAT function of the Load Balancer.

  • We do not want to change the default source NAT operation mode.

Configuration diagram
Fig15101
Change will be made in the following environment.

Setting Items

Setting value

Virtual PC

192.168.1.103

Load Balancer

192.168.2.11
Virtual Server IP Address:192.168.1.200

Distribution destination Web Server

IP Address:192.168.2.12

Additional Setting

Use Source IP Address

Note

In the following procedures, completion of Service registration/setting is assumed.

From the [ Configuration ] menu, move to [ Traffic Management ] → [ Services ]. Select the configured Service (www1) and click [ Edit ].
Fig15106
As [ Use Source IP Address ] is set to NO, click the right button on the [ Settings ] item to open the Edit screen of contents of the setting.
Fig15107
If you check mark [ Use Source IP Address ] on the [ Settings ], you can access the Server without NAT by the Load Balancer”.
Fig15108
Click “Save the running configuration“ in [Configuration] tab to save config.
Fig15105
Click “Yes” at popup screen.
That completes the setting to disable the source NAT function.
Fig15105

Operation check result

From a browser of a client PC, access the IP Address (192.168.2.200) of the Virtual Server. You can see that a web page is displayed on the browser of the client PC.
Fig15102
From the log of the Virtual Web Server, we confirmed that the source IP address is the IP address of the client PC, hence we confirmed the operation of disabling the source IP address NAT function.
Fig15103