Forum Discussion

Logan_Ramirez_5's avatar
Logan_Ramirez_5
Icon for Nimbostratus rankNimbostratus
Dec 08, 2005

conditional SNAT

We have a relatively simple environment: two data centers, one web server in each, one bigip in each. Basic pool in each office for web servers consists of (a) local web server and (b) other data cen...
application delivery
dev
devops
iRules
G__Wesley_Rober's avatar
G__Wesley_Rober
Historic F5 Account
Dec 14, 2005
You are most welcome. I ran out of gas last night, but here are the other (simpler) versions I came up with that may be useful for someone who has forwarding virtuals.

The problem I was actually trying to solve was simply to disable SNAT for a single forwarding Virtual that passed traffic from the internal to external VLAN. The iRule in the previous post allowed me to eliminate the network forwarding virtual altogether and just do it in the wildcard virtual. Anyhow, if you have a network virtual of type forwarding (ip), you can disable SNAT with any of these iRules. The Virtual:

virtual ToExternalVLAN {
   destination 10.30.1.0:any
   ip forward
   mask 255.255.255.0
   profile myfastl4
   vlans external enable
}

Use either of these iRules to disable SNAT:

rule DisableSnat2NET {
   when CLIENT_ACCEPTED {
   if {[IP::addr [IP::local_addr] equals "10.30.1.0/24"]} {
      log "Not going to SNAT to destination: [IP::local_addr]"
      snat none
   }
   else {
      log "SNAT to destination: [IP::local_addr]"
   }
}

rule JustDisableSNAT {  The winner 
   when CLIENT_ACCEPTED {
    log "Disabling SNAT"
    snat none
}