F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

eric_haupt1's avatar
eric_haupt1
Icon for Nimbostratus rankNimbostratus
Dec 19, 2018

GTM / DNS Restrict source ports from GTM when LB DNS to Microsoft servers

Due to security restrictions, I need to have GTM use source ports 49152-65535 from the self-IP it uses to LB DNS traffic to the DNS servers. I've attempted to force avoidance of certain ports with ir...
application delivery
BIG-IP DNS
Steve_Lyons's avatar
Steve_Lyons
Ret. Employee
Dec 31, 2018

I have tested the following iRule and it seems to accomplish what you are looking for. Let me know if this works.

when RULE_INIT {

 On the line below, select which IP's are to be part of the SNAT list
set static::ip_list [list 10.1.20.254 ]
}
when CLIENT_ACCEPTED {
set random_snat_ip [lindex $static::ip_list [expr {int(rand()*[llength $static::ip_list])}]]

 On line below this one, replace "http_pool" with the correct pool name where traffic will be load balanced to
set available_pool_member [active_members -list demo_dns_pool]

set random_pool_member [lindex [lindex $available_pool_member [expr {int(rand()*[llength $available_pool_member])}]] 0]

 On line below, replace "80" with pool members listening port. Values of 50000, 49152 and 65535 represent "hint port", minimum port and maximum port, respectively.
set random_port [UDP::unused_port $random_pool_member 53 $random_snat_ip 50000 49152 65535 ]

snat $random_snat_ip $random_port
pool demo_dns_pool member $random_pool_member
}
Steve_Lyons's avatar
Steve_Lyons
Ret. Employee
Jan 03, 2019

This iRule was tested on both 14.1 and 13.1.1.2 virtual appliances with a GTM only license though both GTM and LTM were provisioned.