Eric_Van_Tol_10
Aug 17, 2012 Nimbostratus
iRule for bypassing SNAT when routing
We are changing the logical setup of our network behind our LTM and I'm trying to find out how to write an iRule that does what I need. Our servers sit on a private network behind the LTM and we want non-local networks to be able to reach them via a router on a different VLAN on the LTM. This part isn't a problem, but when the servers send traffic to the gateway (the LTM), the traffic is translated as the VIP on the 'external' VLAN of the LTM. As it is now, we have a 'dmz' VLAN configured on the LTM with 172.16.30.1/24. The 'internal' VLAN has an IP of 172.16.20.1/24. I want traffic coming from the servers that is destined for X and Y networks to just be forwarded by the LTM, not SNATed or load balanced at all. We used to bypass all of this by putting direct routes in the servers pointing to a backend router that was on the same subnet as the servers, but we're getting rid of that setup.
This is what I have, but I'm not sure where to apply it, whether I should create a Forwarding VIP, or what.
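when CLIENT_ACCEPTED {
    # Client-side event: IP::remote_addr is the source address of the new connection
    if { [IP::addr [IP::remote_addr] equals 172.16.56.0/255.255.255.0] } {
        # Turn off source address translation for this connection
        snat none
    }
}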
I got the rule above from this post I found:
https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/68/aft/1180494/showtab/groupforums/Default.aspx
However, again, I'm kind of lost as to where to apply this or if it's even correct. I would normally spend days trying to learn everything there is to know about the LTM, but I need to get this working and I work so infrequently with it that I need a gentle push in the right direction.
Thanks,
evt
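
One way to express the check the post describes, as an added example that is not part of the original post and not F5's own code: the iRule below tests the destination as well as the source, so SNAT is skipped only for server traffic bound for the listed networks and everything else keeps its normal translation. It assumes the rule is attached to an IP-forwarding virtual server enabled on the 'internal' VLAN, assumes the servers sit in 172.16.20.0/24, and uses 192.0.2.0/24 and 198.51.100.0/24 as placeholders for networks X and Y.

```tcl
# Added example. Assumptions: attached to an IP-forwarding virtual server
# that listens on the 'internal' VLAN; servers are in 172.16.20.0/24;
# 192.0.2.0/24 and 198.51.100.0/24 are placeholders for networks X and Y.
when CLIENT_ACCEPTED {
    # On the client side, remote_addr is the packet source (a server here)
    # and local_addr is the address the packet was sent to (its destination).
    set src [IP::remote_addr]
    set dst [IP::local_addr]

    # Only consider traffic that really originates from the server subnet.
    if { [IP::addr $src equals 172.16.20.0/255.255.255.0] } {

        # Skip SNAT only when the destination is one of the routed networks.
        if { [IP::addr $dst equals 192.0.2.0/255.255.255.0] ||
             [IP::addr $dst equals 198.51.100.0/255.255.255.0] } {

            snat none

            # Record the decision so untranslated flows can be audited.
            log local0. "SNAT bypassed: $src -> $dst"
        }
    }
    # Any other source or destination falls through unchanged and keeps
    # whatever source address translation is configured.
}
```

Matching on both source and destination keeps the bypass narrow: an unexpected source on the internal VLAN, or server traffic to any other destination, is still translated.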