Forum Discussion

Nimbostratus

Nov 08, 2013

Accessing internet

I am trying to write a iRule to SNAT whenever my backend nodes needs to access internet. Here is what I have but it is not working. it finds the match and snat but then keeps the IP even I ping inte...

Cirrostratus

Nov 11, 2013

You need quotes around the switch cases and should use IP::client_addr, not local_addr, like so;

when CLIENT_ACCEPTED { 
 set local [IP::client_addr]
 switch -glob $local { 
  "10.*" { log local0. "MATCHED 10, NO SNAT CLASS" snat none }
  "172.*" { log local0. "MATCHED 172, NO SNAT CLASS" snat none }
  "192.168.*" { log local0. "MATCHED 192, NO SNAT CLASS" snat none } 
  default { log local0. "MATCH AND SNAT" snat x.x.x.x }
 }
}

I'm a bit uneasy about how switch might work with IP addresses but you're probably OK. Personally, I'd reduce it all to this;

when CLIENT_ACCEPTED {
 switch -glob [IP::client_addr] {
  "10._" -
  "172_" -
  "192.168*" { log local0. "MATCHED Private IP, NO SNAT CLASS" snat none } 
  default { log local0. "MATCH AND SNAT" snat x.x.x.x } 
  }
 }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)