For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eric_Van_Tol_10's avatar
Eric_Van_Tol_10
Icon for Nimbostratus rankNimbostratus
Aug 17, 2012

iRule for bypassing SNAT when routing

We are changing the logical setup of our network behind our LTM and I'm trying to find out how to write an iRule that does what I need. Our servers sit on a private network behind the LTM and we want...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Aug 19, 2012
it depends on who initiates a connection.

e.g. 

 by server

[root@ve10:Active] config  b virtual fwd_outbound list
virtual fwd_outbound {
   ip forward
   destination 172.16.56.0:any
   mask 255.255.255.0
   vlans internal enable
}

 by client

[root@ve10:Active] config  b virtual fwd_inbound list
virtual fwd_inbound {
   ip forward
   snat automap
   destination 172.16.20.0:any
   mask 255.255.255.0
   rules myrule
   vlans external enable
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
   if {[class match -- [IP::remote_addr] equals address_class]} {
      snat none
   }
}
}
[root@ve10:Active] config  b class address_class list
class address_class {
   network 172.16.56.0/24
}