Forum Discussion

Miguel_Alfaro_6's avatar
Miguel_Alfaro_6
Icon for Nimbostratus rankNimbostratus
Jun 27, 2008

Change TCP and UDP IP address

There is a way to change TCP or UDP headers?

 

For example: If some user makes a request to some Web, let’s say www.av.com (206.190.60.37) the irule sees that IP and changes it by someone like (205.178.137.173) in order to redirect the traffic.

 

The same if use ssh or telnet or any kind of traffic.

 

 

Something like

 

 

set old_IP [scan [IP::local_addr] "%d.%d.%d.%d"]

 

if $old_IP 206.190.60.37

 

set new “205.178.137.173”

 

set new_ip [binary format c4 $new]

 

TCP::header replace (“ip address”) $new_ip ??????
application delivery
dev
devops
iRules
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 27, 2008
    It looks like you have a wildcard VIP defined where you don't know what the destination IP will be and only want to perform destination address translation for some of the addresses. If that's the case, I'd suggest configuring additional IP Forwarding VIPs for the addresses you do you want to perform address translation for. Set the pool to be the translated address. if you want the translation done for any destination port, set the VIP and pool member port to 0.

     

     

    If you have a lot of addresses you want to translate, you could use the node command (Click here) to do it. Make sure to use IP::addr (Click here) to evaluate the IP address. This is more efficient than a string comparison.

     

     

    Aaron
  • Miguel_Alfaro_6's avatar
    Miguel_Alfaro_6
    Icon for Nimbostratus rankNimbostratus
    Jun 30, 2008
    What I want to do is address translation for all public IPs and turns them to private IPs.

     

    I want to trick a router that has a default route 0.0.0.0 to 172.16.20.10. This router sends all unknown traffic to Internet by the router with the 172.16.20.10 IP, but I need that in sometimes it sends all traffic to another router 172.16.20.20. I mean, I need that default route but in some times I do not (what I am trying to do is like a dynamic default route).

     

     

    I need when all the traffic goes through the LTM an irule changes the public IP to a private one, let’s say 200.11.22.33 to 10.10.10.2, then all traffic goes through the first router. When the packets arrives at the second LTM, another irule changes the private one to a public ip again (the original) 10.10.10.2 to 200.11.22.33

     

     

    I will hide the public IP into the payload at this way:

     

     

    Set XX [scan [IP:: remote_addr] " %d.%d.%d.%d"]

     

    Set yy [binary format c4 $xx]

     

    TCP:: payload replace 0 0 $yy

     

    here I need to change any public IP by a private (65.33.44.55 to 10.10.10.2) or (200.10.20.30 to 10.10.10.2) or any public IP to 10.10.10.2

     

     

    Then in the second LTM (irule 2) I am going to look for the original IP an put it back again

     

     

    Set zz [binary scan [TCP:: payload] a4 XX]

     

    here I need to put the public IP again (the original)

     

     

    can it be performed with the node command?

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 30, 2008
    I suppose that could be possible to do this as you've described using the node command. You'd need to have address translation enabled on the VIP you try this with.

     

     

    This seems like a lot of hoops to jump through in order to hack together routing. Can't you change the routing on the intermediate router?

     

     

    Aaron