For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dave_88944's avatar
Dave_88944
Icon for Nimbostratus rankNimbostratus
May 06, 2009

Different route out based on internal IP

I have what appears to be an odd situation. My BIGIP has a default gateway of say 9.8.7.6 and everything is functioning properly. I now have 2 servers behind the BIGIP which need to SNAT out an IP o...
application delivery
dev
devops
iRules
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
May 07, 2009
Hi,

 

 

Well you can only apply iRules to virtual servers. So you need some sort of virtual server that would be handling outbound traffic in order to apply an iRule.

 

 

So then the question becomes, do you have an outbound wildcard forwarding virtual server (0.0.0.0:0 or 0.0.0.0:25) enabled on the internal VLAN? Probably not if you are using global SNAT.

 

 

I would think that if you want to be specific to mail traffic, you could just create 0.0.0.0:25 as a Performance L4 type virtual, map that virtual to a SNAT pool containing your 1.2.3.99 SNAT address, and point it at a pool containing 1.2.3.4 as the member, and then you don't have to do a rule at all, unless you have other mail servers that you do want to use the default gateway. If that's the case, then a rule similar to what you have there should work if you apply it to the 0.0.0.0:25 virtual.

 

 

Hope that helps,

 

Denny