Forum Discussion
NimbostratusGTM Private to Public Translation
I have a GTM in DMZ using private IP addresses for wide IP. I need to translate the 1st three octets of the wide IPs to public addresses. I believe I have to use an irule to accomplish this. I tried using the following with no success: when LB_SELECTED { if { [LB::server addr] contains ".10." } { log local0. "Pool member [LB::server addr]"} } This irule is assigned to a wide IP. I’m able to log the private address. I just can’t find a command to use to change the 1st 3 octets.
8 Replies
- Kai_Wilke
MVP
Hi Kmussa,
you may parse the remaining octed (incl. possible route domains) and then substitute the new leading octets with this command.
set new_ip "123.123.123.[getfield [LB::server addr] "." 4]"Cheers, Kai
Kmussa_164917I still get the private address. It's not translating.
- Kai_WilkeHow does the iRule look like? Cheers, Kai
- Kmussa_164917
Hi Kai,
Below is the irule: when LB_SELECTED { if { [LB::server addr] contains ".10." } { log local0. "Pool member [LB::server addr]" set new_ip "1.1.1.[getfield [LB::server addr] split "." 4]"} elseif { [LB::server addr] contains ".20." } { log local0. "Pool member [LB::server addr]" set new_ip "2.2.2.[getfield [LB::server addr] split "." 4]"} }
- Kai_WilkeThe command I've posted is just a way to parse the last octed of your existing IP and then transform this IP into a new one. It does not changes anything on the wire yet. But you could use this command in combination with other commands (depending on what you're trying to solve). To help you further, I'd need some more details of the configuration you're trying to achive? Cheers, Kai
- Kmussa_164917
GTM is currently resolving all DNS queries to private addresses. I need to change DNS response to public addresses. For example: xyz.com can be resolved to 10.10.10.125 or 20.20.20.125. I need to write an irule to do the following: 1. if xyz.com resolves to 10.10.10.125 then DNS response should be 1.1.1.125 2. if xyz.com resolves to 20.20.20.125 then DNS response should be 2.2.2.125.
Thank you
- Kai_Wilke
Hi Kmussa,
customized Hamish Marson's "GTM traslation" iRule for you needs...
Original iRule can be found here: https://devcentral.f5.com/wiki/iRules.GTM-Translation.ashx
when DNS_RESPONSE { foreach rr [DNS::answer] { if { ([DNS::type $rr] eq "A") } then { if { [IP::addr [DNS::rdata $rr] equals 10.10.10.0/24]) } then { log -noname local0.debug "DNS Rewrite: [DNS::rdata $rr] > 1.1.1.[getfield [DNS::rdata $rr] "." 4]" DNS::rdata $rr "1.1.1.[getfield [DNS::rdata $rr] "." 4]" } elseif { [IP::addr [DNS::rdata $rr] equals 20.20.20.0/24]) } then { log -noname local0.debug "DNS Rewrite: [DNS::rdata $rr] > 2.2.2.[getfield [DNS::rdata $rr] "." 4]" DNS::rdata $rr "2.2.2.[getfield [DNS::rdata $rr] "." 4]" } } } }Note: I don't have a GTM to my hands, hope it will work out... 🙂
Cheers, Kai
Stanislas_Piro2Cumulonimbus
Hi,
to translate address on GTM, one solution is to disable virtual server automatic creation and to create them manually in GTM with:
- IP address : IPs for DNS responses
- Translated address: IP of LTM virtual server (used for monitoring)
