
Forum Discussion

bezeqint
Jan 25, 2016

Help with iRule for SNAT

I've got two different iRules that work fine, but not together 😞

and I need both iRules' features on the same VIP.

iRule_AutoMap_Networks

when CLIENT_ACCEPTED {
   # Check if the client IP address is a member of the address data group named AutoMap_Hosts
   if { [matchclass [IP::client_addr] equals AutoMap_Hosts]} {
      # Check if the client's destination port is in the AutoMap_Ports integer data group
      if { [matchclass [TCP::local_port] equals AutoMap_Ports]} {
         # Both matched: SNAT this connection using the automap address
         snat automap
         # Stop evaluating this iRule for the connection
         return
      }
   }
}

iRule_No_AutoMap_Networks

when CLIENT_ACCEPTED {
   # Check if the client IP address is a member of the address data group named No_AutoMap_Hosts
   if { [matchclass [IP::client_addr] equals No_AutoMap_Hosts]} {
      # Check if the client's destination port is in the No_AutoMap_Ports integer data group
      if { [matchclass [TCP::local_port] equals No_AutoMap_Ports]} {
         # Both matched: do not SNAT this connection
         snat none
         # Stop evaluating this iRule for the connection
         return
      }
   }
}

I need to combine the conditions and the result (SNAT or not) in the same iRule.

The main idea is to control traffic matching that VIP and have an option to control which networks, hosts and ports are SNATed or not.

Any idea?? 🙂

BR, Dor.

 

1 Reply

  • Hi Bezeqint,

    The return command would just stop the current iRule from further processing. To stop additional code you may have to combine the independent events into a single iRule...

    iRule (combined)

    when CLIENT_ACCEPTED {
        # Check if the client IP address is a member of the address data group named AutoMap_Hosts
        if { [matchclass [IP::client_addr] equals AutoMap_Hosts]} {
            # Check if the client's destination port is in the AutoMap_Ports integer data group
            if { [matchclass [TCP::local_port] equals AutoMap_Ports]} {
                # Both matched: SNAT this connection using the automap address
                snat automap
                # Exit this event so the "snat none" branch below cannot override it
                return
            }
        }
        # Check if the client IP address is a member of the address data group named No_AutoMap_Hosts
        if { [matchclass [IP::client_addr] equals No_AutoMap_Hosts]} {
            # Check if the client's destination port is in the No_AutoMap_Ports integer data group
            if { [matchclass [TCP::local_port] equals No_AutoMap_Ports]} {
                # Both matched: do not SNAT this connection
                snat none
                # Nothing further to evaluate for this event
                return
            }
        }
    }


    ... or additionally issue the command [event CLIENT_ACCEPTED disable] to stop the processing of additional CLIENT_ACCEPTED events...

    iRule1

    when CLIENT_ACCEPTED {
        # Check if the client IP address is a member of the address data group named AutoMap_Hosts
        if { [matchclass [IP::client_addr] equals AutoMap_Hosts]} {
            # Check if the client's destination port is in the AutoMap_Ports integer data group
            if { [matchclass [TCP::local_port] equals AutoMap_Ports]} {
                # Both matched: SNAT this connection using the automap address
                snat automap
                # Disable CLIENT_ACCEPTED for the rest of this connection so iRule2 cannot override the decision
                event CLIENT_ACCEPTED disable
                return
            }
        }
    }

    iRule2

    when CLIENT_ACCEPTED {
        # Check if the client IP address is a member of the address data group named No_AutoMap_Hosts
        if { [matchclass [IP::client_addr] equals No_AutoMap_Hosts]} {
            # Check if the client's destination port is in the No_AutoMap_Ports integer data group
            if { [matchclass [TCP::local_port] equals No_AutoMap_Ports]} {
                # Both matched: do not SNAT this connection
                snat none
                # Disable CLIENT_ACCEPTED for the rest of this connection so no later iRule changes the decision
                event CLIENT_ACCEPTED disable
                return
            }
        }
    }


    Cheers, Kai
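As an added example (not part of Kai's reply or the original post), the same two data-group checks folded into one rule with a fixed precedence (the No_AutoMap exclusion wins when a host and port appear in both groups), an explicit default branch, and a log line so the SNAT decision per connection can be audited. It assumes the four data groups named in the thread exist (AutoMap_Hosts and No_AutoMap_Hosts as address groups, AutoMap_Ports and No_AutoMap_Ports as integer groups) and uses class match, the current form of the deprecated matchclass.

```tcl
# Added example, not code from the thread. Assumes the data groups
# AutoMap_Hosts / No_AutoMap_Hosts (address type) and
# AutoMap_Ports / No_AutoMap_Ports (integer type) exist on the BIG-IP.
when CLIENT_ACCEPTED {
    set client [IP::client_addr]
    set port   [TCP::local_port]
    set decision "VIP setting"

    # Exclusions are evaluated first, so a host/port pair listed in both
    # the AutoMap and the No_AutoMap groups is never SNATed by accident.
    if { [class match $client equals No_AutoMap_Hosts]
         && [class match $port equals No_AutoMap_Ports] } {
        snat none
        set decision "none (No_AutoMap match)"
    } elseif { [class match $client equals AutoMap_Hosts]
         && [class match $port equals AutoMap_Ports] } {
        snat automap
        set decision "automap (AutoMap match)"
    } else {
        # Explicit default: leave the virtual server's own SNAT setting
        # untouched. Put "snat none" or "snat automap" here to force one.
    }

    # One line per connection makes unexpected SNAT decisions visible in
    # /var/log/ltm when a data group entry is wrong or overlapping.
    log local0. "SNAT decision for $client -> [IP::local_addr]:$port : $decision"
}
```

Because this version disables no event, any other iRule on the same virtual server still receives CLIENT_ACCEPTED; the event CLIENT_ACCEPTED disable variant above suppresses that event for the rest of the connection in every iRule attached to the virtual server, not only in iRule2.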