e.g.
[root@ve1023:Active] config b virtual bar list
virtual bar {
pool foo
destination 172.28.19.79:80
ip protocol 6
rules myrule
}
[root@ve1023:Active] config b pool foo list
pool foo {
members 200.200.200.101:80 {}
}
[root@ve1023:Active] config b rule myrule list
rule myrule {
when CLIENT_ACCEPTED {
if {[class match -- [IP::client_addr] equals my_address_list]} {
snat automap
}
}
}
[root@ve1023:Active] config b class my_address_list list
class my_address_list {
{
host 1.1.1.1
network 2.2.2.0/24
network 192.168.206.0/24
}
}
when client is 172.28.19.251, source is not translated.
[root@ve1023:Active] config tcpdump -nni 0.0 'tcp[13] & 2!=0'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
02:29:45.708531 IP 172.28.19.251.42571 > 172.28.19.79.80: S 1677468122:1677468122(0) win 5840
02:29:45.708578 IP 172.28.19.79.80 > 172.28.19.251.42571: S 1344191834:1344191834(0) ack 1677468123 win 4380
02:29:45.710657 IP 172.28.19.251.42571 > 200.200.200.101.80: S 3311993428:3311993428(0) win 4380
02:29:45.711666 IP 200.200.200.101.80 > 172.28.19.251.42571: S 2029372087:2029372087(0) ack 3311993429 win 5792
when client is 192.168.206.42, source is translated to 200.200.200.10 (selfip).
[root@ve1023:Active] config tcpdump -nni 0.0 'tcp[13] & 2!=0'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
02:30:12.381535 IP 192.168.206.42.55524 > 172.28.19.79.80: S 3342265976:3342265976(0) win 8192
02:30:12.381574 IP 172.28.19.79.80 > 192.168.206.42.55524: S 3109283800:3109283800(0) ack 3342265977 win 3780
02:30:12.382670 IP 200.200.200.10.55524 > 200.200.200.101.80: S 3939564967:3939564967(0) win 4380
02:30:12.383675 IP 200.200.200.101.80 > 200.200.200.10.55524: S 2406281639:2406281639(0) ack 3939564968 win 5840