
Forum Discussion

Hajar
Nov 08, 2013

Accessing internet

I am trying to write an iRule to SNAT whenever my backend nodes need to access the internet. Here is what I have, but it is not working. It finds the match and SNATs, but then keeps the IP even when I ping internal IPs.

    when CLIENT_ACCEPTED {
        set local [IP::local_addr]
        switch -glob $local {
            10.* {
                log local0. "MATCHED 10, NO SNAT CLASS"
                snat none
            }
            172.* {
                log local0. "MATCHED 172, NO SNAT CLASS"
                snat none
            }
            192.168.* {
                log local0. "MATCHED 192, NO SNAT CLASS"
                snat none
            }
            default {
                log local0. "MATCH AND SNAT"
                snat x.x.x.x
            }
        }
    }

2 Replies

  • You need quotes around the switch cases and should use IP::client_addr, not local_addr, like so:

    when CLIENT_ACCEPTED {
        set local [IP::client_addr]
        switch -glob $local {
            "10.*" {
                log local0. "MATCHED 10, NO SNAT CLASS"
                snat none
            }
            "172.*" {
                log local0. "MATCHED 172, NO SNAT CLASS"
                snat none
            }
            "192.168.*" {
                log local0. "MATCHED 192, NO SNAT CLASS"
                snat none
            }
            default {
                log local0. "MATCH AND SNAT"
                snat x.x.x.x
            }
        }
    }

    I'm a bit uneasy about how switch might work with IP addresses, but you're probably OK. Personally, I'd reduce it all to this:

    when CLIENT_ACCEPTED {
        switch -glob [IP::client_addr] {
            "10.*" -
            "172.*" -
            "192.168.*" {
                log local0. "MATCHED Private IP, NO SNAT CLASS"
                snat none
            }
            default {
                log local0. "MATCH AND SNAT"
                snat x.x.x.x
            }
        }
    }

  • Hajar

    Hello, in order to find out which globally routable IP from the SNAT pool is used, I added the following line to the iRule, but it shows that the pool member doesn't pick one specific global IP from the SNAT pool; it picks a different global IP from the SNAT pool on each connection. How do I make sure it only picks one IP for the entire session?

    when SERVER_CONNECTED {
        log local0. "Server's IP [IP::client_addr], using global IP [IP::local_addr]"
    }
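Added example, not code from either poster in this thread: the same SNAT decision written against the destination address with IP::addr and CIDR masks instead of string globs, so the RFC 1918 check is exact (a "172.*" glob would also treat public 172.0.0.0/8 space as internal and skip the SNAT). It assumes a wildcard forwarding virtual server in front of the nodes and a SNAT pool named snat_internet; both names are assumptions, not taken from the thread.

```tcl
# Added example (not from the thread). Assumes a wildcard (0.0.0.0/0)
# forwarding virtual server that the backend nodes route through, and a
# SNAT pool named "snat_internet" (hypothetical name) holding the public
# addresses to translate to.
when CLIENT_ACCEPTED {
    # On a forwarding virtual, IP::local_addr in CLIENT_ACCEPTED is the
    # address the node is trying to reach; IP::client_addr is the node.
    set dst [IP::local_addr]
    set src [IP::client_addr]

    # RFC 1918 ranges as CIDR blocks. IP::addr compares under the mask, so
    # 172.16.0.0/12 covers exactly 172.16.0.0-172.31.255.255 and nothing
    # else, unlike a "172.*" glob on the address string.
    set private 0
    foreach net { 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 } {
        if { [IP::addr $dst equals $net] } {
            set private 1
            break
        }
    }

    if { $private } {
        # Internal destination: keep the node's real source address.
        snat none
        log local0. "$src -> $dst is internal, no SNAT"
    } else {
        # Internet-bound: translate to a member of the SNAT pool.
        snatpool snat_internet
        log local0. "$src -> $dst is external, SNAT via snat_internet"
    }
}
```

snatpool hands out a pool member per connection, which is the behaviour the second post logs in SERVER_CONNECTED; pinning one address to a given node would need an explicit `snat <address>` decision in the iRule instead.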