Forum Discussion
Matt_H
Nimbostratus
NimbostratusDon't use automap when VIP forwarding
I'm trying to get certain IP addresses (clients) to not utilize any kind of snat (including automap) when utilizing a forwarding virtual server. Here's the iRule I thought would have worked.
when CLIENT_ACCEPTED {
if { [IP::addr [IP::remote_addr] equals xxx.xxx.xxx.xxx] or [IP::addr [IP::remote_addr] equals xxx.xxx.xxx.xxx] or [IP::addr [IP::remote_addr] equals xxx.xxx.xxx.xxx] } {
snat none
forward
}
}
Reason: I'm trying to get Legato backup agents to see the real address of the Legato servers. The agents listen for connections from the Legato server for backup scheduling. After the schedule is received, the connection is terminated and the agent initiates a connection back to the host it saw the connection come from...in this case the automap snat. So it's trying to send its backups to the automap snat. I would have thought the Legato product would be a little more sophisticated in scheduling the backup and who it should send backups to, but the server guys are telling me that is just how Legato works.
Thanks for any assistance.
iRules newbie here.
hoolioCirrostratus
That rule looks like it should work to disable SNAT for the specific IP addresses. I'm not sure whether you need to specify to forward if it's already attached to a FastL4 virtual server.
Are client connections being reset, timing out, or completing; but with the source address translated?
If you wanted, you could create a datagroup (class), with your source IP addresses:class no_snat_addresses { network 10.10.10.0 netmask 255.255.255.0 host 10.11.0.10 }when CLIENT_ACCEPTED { if { [matchclass [IP::remote_addr] equals $::no_snat_addresses] }{ snat none } }
Aaron