Forum Discussion
RoutingLoop_179
Cirrus
CirrusDynamic 1:1 SNAT irule
Hi guys - looking for some feedback regarding my irule for 1:1 dynamic NAT. e.g we might use 10/8 on the client inside but then have only have a /17 pool on public outside, although over allocated t...
RoutingLoop_179Cirrus
Cirrusreposting irule code on request - !note! code in two halves:
timing on for testing
timing on
when RULE_INIT {
set ::oct3 0
set ::oct4 1
set static::oct3end 0
set static::oct4end 255
set static::timeout 600
set static::debug 1
}
when CLIENT_ACCEPTED {
debugging
if {$static::debug} {
foreach key [table keys -subtable "ClientDynNat" -notouch] {
log local0. "table ClientDynNat key: $key"
}
}
if { [set SnatTo [table lookup -subtable "ClientDynNat" [IP::client_addr]]] ne "" } {
to reset idle timeout of dynamic NAT address so it's not re-allocated until client SNAT times out.
table lookup -subtable "DynNatAddreses" $SnatTo
log local0. "Found exisiting snat in ClientDynNat for [IP::client_addr]: [table lookup -notouch -subtable "ClientDynNat" [IP::client_addr]]"
debugging
if {$static::debug} {
log local0. "table lookup in DynNatAddress for $SnatTo: [table lookup -notouch -subtable "DynNatAddreses" $SnatTo]"
log local0. "table remaining ClientDynNat for [IP::client_addr]: [table timeout -subtable "ClientDynNat" -remaining [IP::client_addr]]"
log local0. "table remaining DynNatAddress for $SnatTo: [table timeout -subtable "DynNatAddreses" -remaining $SnatTo]"
}
snat $SnatTo
log local0. "deleting dynnats in tables"
table delete -subtable "ClientDynNat" -all
table delete -subtable "DynNatAddreses" -all
} else {
debugging
if {$static::debug} {
foreach key [table keys -subtable "DynNatAddreses" -notouch] {
log local0. "table DynNatAddreses key: $key"
}
log local0. "DynNatAddress table count -- [table keys -subtable "DynNatAddreses" -count]"
log local0. "no snat for [IP::client_addr]"
}
