
Forum Discussion

kckirwan_49724
Nimbostratus
May 30, 2013

Help with iRule to direct traffic to specific pool based on incoming port

I have a rule that is intended to redirect smtp traffic to specific pools based upon the port number for the incoming connection. All of the displays that are logged to the ltm log indicate that the logic is working. The event disable all command is present to prevent execution of another iRule associated with this VIP. (Nothing fancy, just a "force snat" iRule, based upon a couple of conditions, which doesn't seem to fire.) My question is: Do there appear to be any issues that "another set of eyes" can see with the iRule below? (Admittedly a little bit much with the set commands, but that's for debugging.)


There is a default pool associated with this VIP, but I'd like to override sending traffic to that pool if the conditions below exist. I believe that is possible, right?


Thanks in advance for any assistance,


kckirwan

```tcl
when SERVER_CONNECTED {
    set vipname [virtual name]
    set client_remote "[IP::client_addr]:[TCP::client_port]"
    set client_local "[IP::local_addr clientside]:[TCP::local_port clientside]"
    set client_localport "[TCP::local_port clientside]"
    set server_local "[IP::local_addr]:[TCP::local_port]"
    set server_remote "[IP::server_addr]:[TCP::server_port]"
    log local0. "Got connection: Client($client_remote)<->($client_local)LTM($server_local)<->($server_remote)Server"

    # Use Datagroup /ag_messaging/smtptrap_ips
    if { [class match $clip equals "/ag_messaging/smtptrap-ips"] } {
        log local0.info "=========== SMTPTRAP - Found IP address in DataGroup!!!!: $vipname - $client_local ========="
        log local0.info "Client_localport is : $client_localport"

        if { [TCP::local_port clientside] equals 465 } {
            log local0.info "Send traffic for $clip to smtptrap_465"
            pool smtptrap_465 member 10.231.8.197 465
            event disable all
        }
        if { [TCP::local_port clientside] equals 587 } {
            log local0.info "Send traffic for $clip to smtptrap_587"
            pool smtptrap_587 member 10.231.8.197 587
            event disable all
        }
        log local0.info "After Logic - Sent traffic from $client_remote to smtptrap $client_localport"
    }
}
```

4 Replies

  • A few things worth mentioning:

    1. While it *may* work, there's no indication on DC that the pool command *should* work inside the SERVER_CONNECTED event. I would recommend the CLIENT_ACCEPTED event instead.

    2. If you move to the CLIENT_ACCEPTED event, you no longer need the "clientside" notation in the [TCP::local_port] command.

    3. You haven't defined "$clip" anywhere.

    4. It might make more sense to put your port evaluations into a single if/elseif clause to avoid unnecessary evaluations. The event disable command will stop future event processing, but evaluation will continue inside the current event.


  • Kevin,

    Thanks for your suggestions. I'll make those modifications and hope that it works.

    Kevin
  • Thanks again for your help. The suggestions that you gave me, along with changing the default gateway of the pool member to point to the VIP we set up on the LoadBalancer (not using SNAT for the VIP in question), worked great!!!

    Color this one done!

    :-)


  • Just a final note for iRule learners....

    The SERVER_CONNECTED event means your pool member has already been selected and the connection has been opened to the member (aka the server). So it is too late to be using the pool command at this point in the processing. The pool command should be used in the client side processing before the LB_SELECTED event is triggered. Usually CLIENT_ACCEPTED (layer 4) or HTTP_REQUEST (layer 7) events as Kevin suggested above. I thought an explanation might be useful.
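A version of the iRule that applies the four points in the first reply and the event-ordering explanation in the final note, added here as an example; it is not code from the original post or from F5. It runs in CLIENT_ACCEPTED (before LB_SELECTED, so the pool command overrides the virtual server's default pool), sets $clip from the client source address, drops the clientside qualifier, and chains the port checks with if/elseif. The data group /ag_messaging/smtptrap-ips and the pools smtptrap_465 and smtptrap_587 are the names from the original post and are assumed to exist on the unit; the pools are referenced by name here rather than with the member address the original pinned.

```tcl
when CLIENT_ACCEPTED {
    # CLIENT_ACCEPTED fires before load balancing, so "pool" can still
    # override the virtual server's default pool here. $clip is the client
    # source address the data group is keyed on; the original post never set it.
    set clip [IP::client_addr]
    # Port the client connected to on the virtual server. No "clientside"
    # qualifier is needed: this event already runs in the client-side context.
    set vport [TCP::local_port]

    # Assumed to exist on the unit: the address data group and the two trap
    # pools named in the original post.
    if { [class match $clip equals "/ag_messaging/smtptrap-ips"] } {
        if { $vport == 465 } {
            log local0.info "SMTPTRAP: $clip:[TCP::client_port] -> [virtual name]:$vport, pool smtptrap_465"
            pool smtptrap_465
            # Stops later events on this connection (the original post uses it to
            # keep a second iRule from firing); the rest of this event body still runs.
            event disable all
        } elseif { $vport == 587 } {
            log local0.info "SMTPTRAP: $clip:[TCP::client_port] -> [virtual name]:$vport, pool smtptrap_587"
            pool smtptrap_587
            event disable all
        } else {
            # Listed client on a port with no trap pool: leave the default pool
            # in place and log it so the gap is visible.
            log local0.info "SMTPTRAP: $clip listed but no trap pool for port $vport, using default pool"
        }
    }
}
```

Two checks worth making before relying on this: the match is on the source address the BIG-IP actually sees, so if a NAT or upstream proxy sits in front of the virtual server, every client behind it shares one address and either all or none of them will be trapped; and the else branch exists so that a listed client arriving on a port other than 465 or 587 is logged rather than silently handed to the default pool.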