Forum Discussion
Joe_41441
Nimbostratus
NimbostratusCreating Intelligent SNAT
Hello Group,
I have a question about setting up Intelligent SNAT. My intention is to use an iRule to dictate which public IP is used for a particular server's access to a whitelisted resource. It reads as a very simple procedure from this guide: https://support.f5.com/kb/en-us/pro...wp1192236
What I've done: 1. I have removed the node in question from a standard SNAT.
2. I have written an iRule with the snat command: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals a.b.c.d] } { snat w.x.y.z } }
3. F5 documentation says "From the Resources screen for the appropriate virtual server, assign the iRule as a resource to the virtual server".
Simple enough I know how to do that on inbound virtual servers. How do I setup a virtual server for outbound traffic? I assume this is different from a Virtual Server for inbound traffic. I have tried creating a virtual server with the IP address of the internal server (a.b.c.d), and applying the iRule from step 2 on it. I can see in the statistics for my iRule that Total Executions increment, but server a.b.c.d does not have internet access.
HamishCirrocumulus
There's no difference between a VS for inbound and outbound (Conceptually). The address of the VS is the DESTINATION of the traffic (You've created a VS with the SOURCE IP as the VS address. Just the wrong way round is all).
So for an outbound VS to anywhere simply create a network VS with the address/mask of 0.0.0.0/0.0.0.0 and whatever port the traffic is on.
H
Joe_41441Hamish,
That was exactly what I needed. I knew it was something simple... thanks for your quick response!
-Joe