Forum Discussion
LillyM_9417
Altostratus
Apr 27, 2011
avoid changing source port of the connection while using SNAT
Hello,
We are using SNAT in the iRule. Let's assume the client's IP address is 192.1.1.1 and port 9999. After the SNAT operations we manage to change the client's IP address to a specific IP address format, which is okay and works fine. But although we do not make any change in the SNAT statement in the iRule about the source port (client's port), it is also changed randomly. Is there any way to keep the source port the same? We do not want to change the source port, we want it to remain the same.
Any help will be gratefully received.
Thanks a lot in advance.
Lilly
12 Replies
- Nathan_Houck_65
Nimbostratus
It sounds like you want to have port translation turned off on this VS. Have you tried unchecking the port translation box on the Virtual Server configuration page in the GUI?
- LillyM_9417
Altostratus
Hello,
I disabled port translation, but now I cannot reach the member in the pool. When I enabled port translation again it started to work.
Do you have any idea why it happens?
Thanks
Lilly
- LillyM_9417
Altostratus
I want the "client's port" to remain the same. As far as I read from the help, port translation disabled is used for the virtual server's port, not for the client's port.
Any help?
Thanks a lot
- Nathan_Houck_65
Nimbostratus
Please post your iRule so we can see how the client IP address is getting manipulated.
- hoolio
Cirrostratus
See this post for another reply:
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/52/aft/1178739/showtab/groupforums/Default.aspx
Aaron
- LillyM_9417
Altostratus
Hello,
Our version is 10.2. I changed source port to preserve and also to preserve strict, and tried again, and nothing works.
My iRule is:
=================
timing on
when RULE_INIT {
    set static::xdebugsubdev 0
}
when CLIENT_ACCEPTED {
    # Buffer the first 8 bytes of client data
    TCP::collect 8
    # Only translate clients in 192.0.0.0/8
    if { [IP::addr [IP::client_addr] equals 192.0.0.0/8] } {
        set caddr "[IP::client_addr]"
        # Split the client address into its four octets
        scan $caddr %d.%d.%d.%d ya yb yc yd
        # SNAT to an address that keeps the last three octets
        snat 292.$yb.$yc.$yd
    }
}
=================
- LillyM_9417
Altostratus
The iRule works fine if I set: Address Translation enabled, Port Translation enabled and source port preserve. But in this case the clients' source port changes, it does not remain the same.
Then I tried port translation disabled, and also deleted the iRule with port translation disabled and tried again. None of them works.
Do you have an idea?
Thanks a lot
Lilly
- LillyM_9417
Altostratus
Guys,
Please help, doesn't anyone have any idea?
Million thanks.
- hoolio
Cirrostratus
What kind of application is this? Do clients use the same source port at the same time?
If clients all use the same source address you could try creating a SNAT pool with many addresses, configure that on the virtual server and set the virtual server source port setting to strict preserve. If the changing source address from the SNAT pool config becomes a problem, you could use a hash to determine the SNAT address to use. This iRule would replace the need for a defined SNAT pool.
http://devcentral.f5.com/wiki/default.aspx/iRules/snat_pool_persistence.html
Aaron
- LillyM_9417
Altostratus
Hello,
Clients do not use the same address. Clients means computers, so each client has a different IP address and different ports. We do not use a SNAT pool, and we think we do not need to. We change the client's IP address in the iRule (using SNAT) when the connection comes to the virtual server. But we don't want the source port of the client to be changed.
Thanks a lot.
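
Added example, not part of the thread and not F5 code: a Python model of the server-side connection tuple behind hoolio's question about clients sharing a source port, counting how many connections cannot keep their port under a single SNAT address, a hashed SNAT pool, and a one-to-one octet rewrite shaped like the iRule above. The SNAT addresses, the pool member and the first octet 10 are constructed assumptions.

```python
import ipaddress
import zlib

POOL_MEMBER = ("10.20.0.5", 80)  # constructed pool member (assumption)

def snat_single(client_ip):
    """Many-to-one: every client is translated to the same address."""
    return "10.99.0.1"  # constructed SNAT address

def snat_hashed(client_ip, pool_size=16):
    """Choose one of pool_size constructed SNAT addresses from a hash of
    the client address, so a given client always gets the same one."""
    digest = zlib.crc32(ipaddress.ip_address(client_ip).packed)
    return f"10.99.0.{digest % pool_size + 1}"

def snat_octet_rewrite(client_ip, first_octet=10):
    """One-to-one: replace the first octet and keep the other three,
    the shape of the mapping in the iRule above (octet 10 is assumed)."""
    return ".".join([str(first_octet)] + client_ip.split(".")[1:])

def port_conflicts(flows, pick_snat):
    """Count flows that cannot keep their source port because the
    server-side tuple (SNAT address, port, pool member) is taken."""
    in_use, conflicts = set(), 0
    for client_ip, src_port in flows:
        key = (pick_snat(client_ip), src_port, POOL_MEMBER)
        if key in in_use:
            conflicts += 1  # needs a new port, or is refused if strict
        else:
            in_use.add(key)
    return conflicts

# Constructed input: 200 clients in 192.1.0.0/16, all on source port 9999.
SAME_PORT = [(f"192.1.{i // 50}.{i % 50 + 1}", 9999) for i in range(200)]

if __name__ == "__main__":
    for pick in (snat_single, snat_hashed, snat_octet_rewrite):
        print(pick.__name__, port_conflicts(SAME_PORT, pick))
```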
