Forum Discussion
NimbostratusHow to use iRule to create SNAT based on destination ip address
I'm use BIG-IP F5 Version: 11.1.0 (Build 1943.0)
I'm trying to configure outbound SNAT based on destination address.
I have three vlan on my f5.
For example, my vlan is public, front-end and back-end vlan.
I want to initiate outbound communication from front-end vlan to internet on public vlan.
I found I can use SNAT for it. And it work very well.
So if I initiate communication from front-end to back-end vlan. It use SNAT too.
But I don't want to use SNAT when communication from front-end to back-end vlan.
I'm want to use this iRule for solve this problem. But i don't know if this is the correct way to do it.
when CLIENT_ACCEPTED {
if { [class match [IP::server_addr] equals private_net]} {
forward
} else {
snat 40.x.x.40
}
}
}
Anyone could suggest some example iRules?
2 Replies
- The_BhattmanHi Thananchai,
You will need to use [IP::local_addr] instead of [IP::server_addr]. This is because [IP::server_addr] is used when the server side connection is already established. This is not established on the CLIENT_ACCEPTED event.
I hope this helps,
Bhattman 
thananchai_pany
thank you very much
