For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wixxyl_98682's avatar
wixxyl_98682
Icon for Nimbostratus rankNimbostratus
Jul 31, 2012

Do I need iRule and SNAT?

I'm very new to the F5's and the iRules especially. The iRules seem to be a very powerful tool, I'm amazed at what I'm finding out about using them. I'm a tad confused on how I can use them in my envi...
config
design
wixxyl_98682's avatar
wixxyl_98682
Icon for Nimbostratus rankNimbostratus
Aug 01, 2012
Really the ports only come into play on the SNAT redirection. I did neglect to mention that, I apologize. There should be separate web pages for external clients versus internal clients. I think I can simplify this to have it work as follows. Clients connecting from every subnet except our internal IP ranges, should be sent to this pool, SNAT to the virtual server and change the port to this. so it would look like the iRule below I think (this is rather difficult to explain outside of my own head...), but here goes. Thank you for the link too, this is where I got this iRule from, it looks like what I've been looking for, assuming my syntax is correct. The other thing I could look at is using a table lookup for all of my internal IP's (I'm not sure how many ranges we have here, I've only been here a month...) but that is another thing to try later on, I'm mainly trying to get the first part working now.

 

 

when CLIENT_ACCEPTED {

 

if { [IP::addr [IP::local_addr] equals 172.17.139.0/24] and [TCP::local_port] == 443] }{

 

snat 172.17.140.100 9099

 

else

 

snat 172.17.140.100 9030

 

}

 

}