Forum Discussion

J_Peterman_4266's avatar
J_Peterman_4266
Icon for Nimbostratus rankNimbostratus
Jul 18, 2012

Having trouble with destination based SNAT irule

We are looking to implement destination based SNAT via iRule where all traffic destined to RFC 1918 space does not get SNAT outbound and it retains its private addressing, all other traffic destined t...
application delivery
dev
devops
iRules
J_Peterman_4266's avatar
J_Peterman_4266
Icon for Nimbostratus rankNimbostratus
Jul 19, 2012
Here is what I have from the log. I updated to Log on both instances. Here is what I'm seeing. It is only matching the second rule in which it logs MATCH AND SNAT. This is true when I use local_addr, client_addr, or remote_addr.

 

 

iRule:

 

 

when CLIENT_ACCEPTED {

 

 

Check if the remote address is part of the private_nosnat data group

 

if { [class match [IP::remote_addr] equals private_nosnat]} {

 

 

don't do anything

 

log local0. "MATCH NO SNAT CLASS"

 

snat none

 

 

} else {

 

 

snat behind this address

 

log local0. "MATCH AND SNAT"

 

snat 1.1.1.1

 

 

}

 

}

 

 

 

LOGS:

 

 

ltm 07-19 17:14:56 info local/tmm1 tmm1[5219]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:14:57 info local/tmm3 tmm3[5222]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:14:57 info local/tmm2 tmm2[5220]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:14:58 info local/tmm1 tmm1[5219]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:14:58 info local/tmm tmm[5217]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:14:59 info local/tmm3 tmm3[5222]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:14:59 info local/tmm2 tmm2[5220]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:14:59 info local/tmm tmm[5217]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:14:59 info local/tmm tmm[5217]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:15:00 info local/tmm1 tmm1[5219]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:15:00 info local/tmm tmm[5217]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:15:01 info local/tmm3 tmm3[5222]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:15:01 info local/tmm2 tmm2[5220]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:15:02 info local/tmm1 tmm1[5219]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:15:02 info local/tmm tmm[5217]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:15:03 info local/tmm2 tmm2[5220]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:15:04 info local/tmm tmm[5217]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 17:15:04 info local/tmm tmm[5217]: Rule prod_nonprivate_snat : MATCH AND SNAT