Forum Discussion

Spiderman_11815's avatar
Spiderman_11815
Icon for Nimbostratus rankNimbostratus
Jan 23, 2013

iRule for Conditional SNAT not working

Need help. iRule to perform source NAT based on source IP is not working. Requirement is "not to NAT" when source IP is from 172.21.10.0/24 and NAT for everything else. Even when I source it from the...
application delivery
dev
devops
iRules
Spiderman_11815's avatar
Spiderman_11815
Icon for Nimbostratus rankNimbostratus
Jan 23, 2013

I see why it is not working for the IPs that are outside of the 172.21.10.0/24 range. It appears the LB is not NAT'ng for all clients. Here is the tcpdump output from the real server.

 

 

TCPdump from host 10.75.134.8:

 

-------------------------------------

 

22:05:56.472602 IP 10.75.134.8.52365 > 172.21.30.48.http: S 846262350:846262350(0) win 4380

 

22:05:56.472649 IP 172.21.30.48.http > 10.75.134.8.52365: S 1181039792:1181039792(0) ack 846262351 win 5792

 

 

TCPdump from host 172.21.10.128 (NAT exempt IP)

 

22:08:24.419911 IP 172.21.10.128.49559 > 172.21.30.48.http: . ack 181 win 4560

 

22:08:24.420174 IP 172.21.10.128.49559 > 172.21.30.48.http: F 199:199(0) ack 181 win 4560