inteligent SNAT with iRule

I believe the problem you are experiencing is due to the event you have chosen for your rule. The SERVER_CONNECTED event is evaluated after the serverside of the proxy has been connected. At this point, it is too late to change any aspects of the serverside that would effect the address or port. This is why you don't see any change in the SNAT behavior. Since, the rule you have written doesn't appear to use anything but addresses to make the decisions, you should probably use the CLIENT_ACCEPTED event.

 

 

Also, I'd like to note that the result of the IP::remote_addr and IP::local_addr commands changes depending on the "context" of the event. Serverside events (like SERVER_CONNECTED) will cause IP::remote_addr to return the result of the server's node address (this would likely be the same as the pool member address); and IP::local_addr is the proxy's local address, which would be the SNAT address if using a SNAT. For the clientside events (like CLIENT_ACCEPTED), IP::remote_addr returns the client's address; and IP::local_addr likely returns the targeted virtual address.

 

 

Lastly, you do need to use the IP::addr command to compare IP addresses like you did in the latter commands (though you should bracket or quote the address and netmask together. Ie, either of the following are correct:

 

[IP::addr [IP::remote_addr] equals "2.2.2.0 netmask 255.255.255.0"]

 

or

 

[IP::addr [IP::remote_addr] equals {2.2.2.0 netmask 255.255.255.0} ]

 

 

Good luck!