Forum Discussion
Chris_Phillips
Nimbostratus
Mar 10, 2006
applying snat based on route out of local network
Howdy,
Our LTMs sit between our client networks and our server networks, switching all data on a vlan group to gain full visibility of all traffic. This is not an exact split though, and ob...
Chris_Phillips
Nimbostratus
Mar 11, 2006
Well, when possible we want to know where the connection came from on the server, and I am after a way to apply this generically across the board on any service. My tests have generally been on dns lookups and such, but if it's us redirecting http traffic to a proxy using ident authentication or whatever then we would want to avoid the snat. Also there is the visibility of the traffic in general. If we have 3000 clients coming from a 10 ip snat pool and some are causing trouble, the snat is a big obstacle.
Currently we have servers on both sides of the box, so having a simple way to snat if it's needed, and not if we don't have to, should hopefully provide the benefits of no snatting without having to realise whether we need to or not. If a server moves from one side to another, then the requirement to snat will change, but using this sort of test, it would be taken in its stride.
I wouldn't expect to be using a rule like this on *everything*... I'm sure that stuff like dns would be better off just automapped and then ignored forever more, I just don't want to get caught out with many arbitrary things to check on, when an iRule like this will just do what must be done, and nothing else.
I assume you think this all sounds pointless... and you may well be right, but currently I'm just about to put our beasts live in a data center and want to feel comfortable with what's going to happen.
Cheers
Chris