can an irule apply to a NAT?

Question

We have a desire to log/monitor ports going thru a NAT so that we can block certain ports later on? 
&nbsp;  
&nbsp; when SERVER_CONNECTED { 
&nbsp;     This logs information about: 
&nbsp;      *) the clientside part of the client&lt;-&gt;LTM connection, and 
&nbsp;      *) the serverside part of the LTM&lt;-&gt;server connection. 
&nbsp;    log local0.info "Complete connection: [IP::client_addr]:[TCP::client_port]&lt;-&gt;LTM&lt;-&gt;[IP::server_addr]:[TCP::server_port]" 
&nbsp; } 
&nbsp;  
&nbsp;  
&nbsp; Is there a way to apply an irule directly to a NAT? 
&nbsp; Or we have to create a pool, irule, then associate the irule with the VS?  Thanks! 
&nbsp;  
&nbsp;

hoolio · Answer

You cannot apply a rule to a NAT.  It would be possible to do as you've suggested and create a one-to-one virtual server defined on port 0 (any) and then log the connections with the iRule.  It's easier with an iRule to limit the ports compared with a NAT. 
&nbsp;  
&nbsp; Aaron

lmwf1_55268 · Answer

Thanks a bunch for your quick reply.

Forum Discussion

can an irule apply to a NAT?

2 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

R4800 snmp issues.

F5 XC JWKS auto update

PCI Compliance and ASM

irule for redirect and header injection

What happens if I activate only ASM without provisioning LTM?

Related Content

BIG-IP AFM設定例-NAT

Terraform apply failures - loadbalancer_type.https.port_choice

Applying APM on an iframe

Trouble applying GoDaddy certificate to a virtual server

iRules Style Guide

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS