Forum Discussion

noahshelton_237's avatar
noahshelton_237
Icon for Nimbostratus rankNimbostratus
Aug 25, 2016

Combine IF and SWITCH to apply SNAT based on destination IP and/or TCP port

I use an irule applied to a L4 performance forwarding virtual server to serve as a sort of selective NAT based on a couple different criteria (in most cases just the TCP port for which I use a switch...
application delivery
iRules
LTM
  • ekaleido_26616's avatar
    ekaleido_26616
    Aug 26, 2016
    when CLIENT_ACCEPTED {
  if { [IP::addr [IP::local_addr] equals 10.10.10.10/32] } {
    switch [TCP::local_port] {
      "104" -
      "4000" -
      "7400" -
      "12000" { snat 10.10.70.70 }
      default { snat 10.10.70.15 }
    }
  }
}

    At this point, though, you're getting close to wanting to use a datagroup instead of switch.

Vijay_E's avatar
Vijay_E
Icon for Cirrus rankCirrus
Aug 25, 2016

So in this case if a connection hits my L4 VS/Irule with a destination of 10.10.10.10 and tcp port 104 will I get the first SNAT from within the IF statement, or will it continue to match and apply the second SNAT from withing the SWITCH statement?

 

2nd SNAT - 10.10.70.70

 

You can try using some kind of "return" statement if you want to stop processing after 1st match or you can change the order of matching depending on your requirements.

 

If you want the port to take precedence, you can use it above the IP address check. For example: 10.10.10.10:104 - which SNAT do you want to use ?