Forum Discussion
IP Forwarding Virtual Server v/s SNAT
For testing, I created a SNAT object, added the two private nodes in the inside address list, and gave their vserver as the outside address. "tmsh show /sys connection" showed all traffic sourced from the nodes being SNAT'd to their vserver address. We do want traffic to get SNAT'd but only for destinations off-campus. Is there any way to do that by creating a SNAT object?
Can you try something like this? Only a virtual server is used (no snat list), but the upstream device needs to have a route or ARP for 190.191.192.193 (to bigip).
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm data-group internal node_address
ltm data-group internal node_address {
    records {
        10.10.10.1/32 { }
        10.10.10.2/32 { }
    }
    type ip
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm data-group internal campus_address
ltm data-group internal campus_address {
    records {
        65.66.67.68/32 { }
    }
    type ip
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
        if { [class match -- [IP::client_addr] equals node_address] } {
            if { [class match -- [IP::server_addr] equals campus_address] } {
                snat none
            } else {
                snat 190.191.192.193
            }
        }
    }
}
Would really appreciate any suggestions/pointers to my second question.
It may be easier if you can provide some example.
- aj1 (Nimbostratus), May 02, 2015: Thank you nitass. Will this rule be applied to the wildcard forwarding vserver?
- nitass_89166 (Noctilucent), May 02, 2015: Yes. By the way, I corrected the iRule as shown below.
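One way to confirm the rule's effect from the connection table, the way the first post checked its SNAT object with "tmsh show /sys connection". This is an added example, not code from the thread: the column layout (client-side client, client-side server, server-side client, server-side server) is an assumption about the output, the sample lines are constructed, and 198.51.100.7 and 172.16.5.9 are made-up addresses.

```python
import ipaddress

# Addresses copied from the thread's data groups and iRule.
NODES = [ipaddress.ip_network(n) for n in ("10.10.10.1/32", "10.10.10.2/32")]
CAMPUS = [ipaddress.ip_network(n) for n in ("65.66.67.68/32",)]
SNAT_ADDR = ipaddress.ip_address("190.191.192.193")

def in_group(addr, group):
    return any(addr in net for net in group)

def host(endpoint):
    # Strip the port from an "addr:port" column (IPv4 only).
    return ipaddress.ip_address(endpoint.rsplit(":", 1)[0])

def expected_source(client, dest):
    """Source address the server side should see under the thread's rule."""
    if in_group(client, NODES) and not in_group(dest, CAMPUS):
        return SNAT_ADDR
    return client

def audit(table_text):
    """Return (line, reason) for each connection whose source breaks the policy."""
    findings = []
    for line in table_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or ":" not in cols[0]:
            continue  # header, blank or summary line
        try:
            client, dest, seen = (host(c) for c in cols[:3])
        except ValueError:
            continue  # not an address row
        want = expected_source(client, dest)
        if seen != want:
            findings.append((line.strip(), f"server-side source {seen}, expected {want}"))
    return findings

# Constructed sample in the assumed column layout (not captured output).
SAMPLE = """\
Sys::Connections
10.10.10.1:40001  65.66.67.68:443  10.10.10.1:40001  65.66.67.68:443  tcp  2  (tmm: 0)  none
10.10.10.2:40002  198.51.100.7:443  190.191.192.193:40002  198.51.100.7:443  tcp  1  (tmm: 1)  none
10.10.10.1:40003  65.66.67.68:80  190.191.192.193:40003  65.66.67.68:80  tcp  4  (tmm: 0)  none
10.10.10.2:40004  198.51.100.7:80  10.10.10.2:40004  198.51.100.7:80  tcp  3  (tmm: 1)  none
172.16.5.9:40005  198.51.100.7:80  172.16.5.9:40005  198.51.100.7:80  tcp  5  (tmm: 0)  none
Total records returned: 5
"""

if __name__ == "__main__":
    for line, reason in audit(SAMPLE):
        print(reason, "|", line)
```

The third sample line is the behaviour the first post describes (a campus destination still being SNAT'd); the fourth is a node address leaving campus untranslated.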