Forum Discussion
Rich_Caldwell_1
Nimbostratus
NimbostratusHelp with "smart SNAT"
I need to build an intelligent SNAT irule that will not snat traffic when communicating with a particular subnet, otherwise use the defined snats on the box. I have been following the post from below, but seem to get a syntax error.
http://devcentral.f5.com/default.aspx?tabid=28&view=topic&forumid=5&postid=1540
Here is my irule:
when CLIENT_ACCEPTED {
If {[IP::addr 68.28.198.0 equals "[IP::local_addr]/255.255.255.0"]} {
use snatpool none
}
}
Here is the Error I get:
01070151:3: Rule [Internal_to_Exchange_no_SNAT] error:
line 2: [undefined procedure: If] [If {[IP::addr 68.28.198.0 equals "[IP::local_addr]/255.255.255.0"]} {
snat none
}]
What I am trying to do is to not snat traffic when the clients from the internal vlan are communicating with hosts on the 68.28.198.0/24 network. All other communication should use the defined snats below:
snat Rebceefe_Outbound_68.28.198.10 {
translation 68.28.198.10
origin 10.25.68.20
origin 10.25.68.30
origin 10.25.68.40
origin 10.25.68.50
vlan BCEE_Int_App enable
}
snat Rebceesog_Outbound_68.28.198.15 {
translation 68.28.198.15
origin 10.25.68.83
origin 10.25.68.86
vlan BCEE_Int_App enable
}
snat Rebceeng_Outbound_68.28.198.10 {
translation 68.28.198.10
origin 10.25.68.76
origin 10.25.68.80
vlan BCEE_Int_App enable
}
Any idea what might be wrong with my rule or syntax? Or is there a better way to handle this?
- JRahm
Admin
decapitalize your If - BTW, for the mask you can use any of the following forms:
a.b.c.d/prefixlen
a.b.c.d/e.f.g.h
a.b.c.d mask e.f.g.h
So, if you want you could type "[IP::local_addr]/24".
Just an FYI.
