Forum Discussion

J_Peterman_4266's avatar
J_Peterman_4266
Icon for Nimbostratus rankNimbostratus
Jul 18, 2012

Having trouble with destination based SNAT irule

We are looking to implement destination based SNAT via iRule where all traffic destined to RFC 1918 space does not get SNAT outbound and it retains its private addressing, all other traffic destined t...
application delivery
dev
devops
iRules
J_Peterman_4266's avatar
J_Peterman_4266
Icon for Nimbostratus rankNimbostratus
Jul 19, 2012
Posted By nitass on 07/19/2012 10:47 AM

 

can you list private_nosnat data group i.e. b class private_nosnat list?

 

 

and can you add log command in the irule to log IP::local_addr address?

 

ltm data-group private_nosnat {

 

partition Production

 

records {

 

10.0.0.0/8 { }

 

172.16.0.0/12 { }

 

192.168.0.0/16 { }

 

}

 

type ip

 

}

 

 

I have turned on logging of both the remote_addr, and the local_addr below and am attempting to connect to the remote_addr (which should be matched in the first if clause based on the logic of "if class match IP::remote_addr equals private_nosnat, but as you can see below, it isn't matching and it is instead just going onto the else statement and SNAT'ing outbound.

 

 

ltm 07-19 19:04:17 info local/tmm2 tmm2[5220]: Rule prod_nonprivate_snat : MATCH AND SNAT

 

ltm 07-19 19:04:17 info local/tmm2 tmm2[5220]: Rule prod_nonprivate_snat : 10.128.10.15%1

 

ltm 07-19 19:04:17 info local/tmm2 tmm2[5220]: Rule prod_nonprivate_snat : 10.35.157.15%1

 

 

 

Very confused...