Forum Discussion

Nimbostratus

Jul 18, 2012

Having trouble with destination based SNAT irule

We are looking to implement destination based SNAT via iRule where all traffic destined to RFC 1918 space does not get SNAT outbound and it retains its private addressing, all other traffic destined t...

Nimbostratus

Jul 19, 2012

The change to local_addr from remote_addr doesn't make any difference. It is still natting everything outbound regardless of the destination address.

when CLIENT_ACCEPTED {

Check if the remote address is part of the private_nosnat data group

if { [class match [IP::local_addr] equals private_nosnat]} {

don't do anything

log local0. "MATCH NO SNAT CLASS"

snat none

} else {

snat behind this address

snat 1.1.1.1

}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Having trouble with destination based SNAT irule

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Trouble with TCP::option set 28

Trouble applying GoDaddy certificate to a virtual server

Destination address at F5

Different policies same destination and pool

Trouble redirecting on APM rejection.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS