What_Lies_Bene1
Jan 16, 2013

DHCP Relay No-NAT

As detailed here: https://devcentral.f5.com/tech-tips/articles/dhcp-relay-virtual-server.UPaOpDmmv1U, if there is a second hop that is an F5, apparently you need to create a No-NAT. I don't understand why, as normally no NAT will occur unless configured.

Is this because of some automatic NAT function performed by the DHCP Relay VS type?

2 Replies

  • "Is this because of some automatic NAT function performed by the DHCP Relay VS type?"

    I think so. Anyway, it is also SNATed even when having the dhcp-no-translate snat object. I am running 11.1.0 HF5. By the way, I am not sure why the virtual server name is not shown in tcpdump (lis=).

    without dhcp-no-translate snat object

    [root@B6400-R69-S9:Active] config  tmsh show sys version|head
    
    Sys::Version
    Main Package
      Product  BIG-IP
      Version  11.1.0
      Build    2268.0
      Edition  Hotfix HF5
      Date     Mon Aug 20 14:13:45 PDT 2012
    
    root@B6400-R69-S9(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 0.0.0.0:67
        dhcp-relay
        ip-protocol udp
        mask any
        pool foo
        profiles {
            udp { }
        }
        translate-address disabled
        vlans {
            external
        }
        vlans-enabled
    }
    root@B6400-R69-S9(Active)(/Common)(tmos) list ltm pool foo
    ltm pool foo {
        members {
            200.200.200.101:67 {
                address 200.200.200.101
            }
        }
    }
    root@B6400-R69-S9(Active)(/Common)(tmos) list ltm snat
    root@B6400-R69-S9(Active)(/Common)(tmos)
    
    [root@B6400-R69-S9:Active] config  tcpdump -nni 0.0 udp port 67 or icmp -s0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
    18:40:14.969569 IP 9.9.9.1.67 > 200.200.200.101.67: BOOTP/DHCP, Request from 00:50:56:b3:59:8d, length: 300 in slot1/tmm0 lis=
    18:40:14.969630 IP 9.9.9.9.67 > 200.200.200.101.67: BOOTP/DHCP, Request from 00:50:56:b3:59:8d, length: 300 out slot1/tmm0 lis=
    

    with dhcp-no-translate snat object

    root@B6400-R69-S9(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 0.0.0.0:67
        dhcp-relay
        ip-protocol udp
        mask any
        pool foo
        profiles {
            udp { }
        }
        translate-address disabled
        vlans {
            external
        }
        vlans-enabled
    }
    root@B6400-R69-S9(Active)(/Common)(tmos) list ltm pool foo
    ltm pool foo {
        members {
            200.200.200.101:67 {
                address 200.200.200.101
            }
        }
    }
    root@B6400-R69-S9(Active)(/Common)(tmos) list ltm snat
    ltm snat dhcp-no-translate {
        origins {
            9.9.9.1/32 { }
        }
        translation /Common/9.9.9.1
    }
    
    [root@B6400-R69-S9:Active] config  tcpdump -nni 0.0 udp port 67 or icmp -s0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
    18:49:15.304996 IP 9.9.9.1.67 > 200.200.200.101.67: BOOTP/DHCP, Request from 00:50:56:b3:59:8d, length: 300 in slot1/tmm0 lis=
    18:49:15.305056 IP 9.9.9.9.67 > 200.200.200.101.67: BOOTP/DHCP, Request from 00:50:56:b3:59:8d, length: 300 out slot1/tmm0 lis=
    
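The captures in the reply above show the relay's source address changing from 9.9.9.1 on ingress to 9.9.9.9 on egress even though translate-address is disabled and the snat object is present. As an added example (not from this thread or from F5), the following Python script parses tcpdump lines in that format, pairs each ingress packet with the egress packet for the same client MAC and message type, and reports which address or port fields changed across the hop; the sample capture is constructed from the quoted lines plus a second, made-up pair whose source is left untouched.

```python
import re

# Constructed sample: the first pair reproduces the quoted capture (source rewritten
# 9.9.9.1 -> 9.9.9.9 across the relay); the second pair is made up to show a hop
# that leaves the source untouched.
SAMPLE_CAPTURE = """\
18:40:14.969569 IP 9.9.9.1.67 > 200.200.200.101.67: BOOTP/DHCP, Request from 00:50:56:b3:59:8d, length: 300 in slot1/tmm0 lis=
18:40:14.969630 IP 9.9.9.9.67 > 200.200.200.101.67: BOOTP/DHCP, Request from 00:50:56:b3:59:8d, length: 300 out slot1/tmm0 lis=
18:40:20.000000 IP 9.9.9.1.67 > 200.200.200.101.67: BOOTP/DHCP, Request from 00:50:56:b3:59:8e, length: 300 in slot1/tmm0 lis=
18:40:20.000100 IP 9.9.9.1.67 > 200.200.200.101.67: BOOTP/DHCP, Request from 00:50:56:b3:59:8e, length: 300 out slot1/tmm0 lis=
"""

# One BOOTP/DHCP line as printed by BIG-IP's tcpdump (trailing "in"/"out" and tmm fields).
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): BOOTP/DHCP, (?P<kind>Request|Reply) from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), length: \d+ (?P<dir>in|out) "
)

def parse_capture(text):
    """Return one dict per recognised DHCP line; unrelated lines are skipped."""
    return [m.groupdict() for m in (LINE_RE.match(l) for l in text.splitlines()) if m]

def find_translations(packets):
    """Pair each ingress ('in') packet with the next egress ('out') packet for the
    same client MAC and message type, and list which address/port fields differ."""
    pending, findings = {}, []
    for p in packets:
        key = (p["mac"], p["kind"])
        if p["dir"] == "in":
            pending[key] = p
        elif key in pending:
            before = pending.pop(key)
            changes = {f: (before[f], p[f]) for f in ("src", "sport", "dst", "dport")
                       if before[f] != p[f]}
            findings.append({"mac": p["mac"], "kind": p["kind"], "changes": changes})
    return findings

def translated_sources(text):
    """Convenience check: (mac, src before, src after) for requests that left the
    relay with a rewritten source address."""
    return [(f["mac"], *f["changes"]["src"]) for f in find_translations(parse_capture(text))
            if "src" in f["changes"]]

if __name__ == "__main__":
    for f in find_translations(parse_capture(SAMPLE_CAPTURE)):
        print(f["mac"], f["kind"], f["changes"] or "no translation")
```

Feed it the output of the same `tcpdump -nni 0.0 udp port 67` command to confirm on your own box whether the relay hop is rewriting the source regardless of the snat object.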
  • Interesting. Thanks for testing this. So perhaps a bug or perhaps it just doesn't matter?