iRule for Conditional SNAT not working
Need help. iRule to perform source NAT based on source IP is not working. Requirement is "not to NAT" when source IP is from 172.21.10.0/24 and NAT for everything else. Even when I source it from the IP subnet 172.21.10.0/24 it still ends up getting source NAT'd.
Here is my iRule. Appreciate any help.
    when LB_SELECTED {
        if {[IP::addr [IP::client_addr] equals 172.21.10.0/24]} {
            forward
        } else {
            snatpool SNAT-NATPOOLX
        }
    }
I also tried a longer one as well, but still the same result.
    when LB_SELECTED {
        if {[IP::addr [IP::client_addr] equals 172.21.10.0/24] and [IP::addr [LB::server addr] equals 172.21.30.48]} {
            forward
        } else {
            snatpool SNAT-NATPOOLX
        }
    }
I also tried matchclass with Datagroup for the client address but still the same result.
    when LB_SELECTED {
        # Check if client IP is in the client_class
        if { [matchclass [IP::client_addr] equals $::nat-exempt-srvrs] } {
            # ENABLE source NAT. This overrides SNAT on the VIP or a default SNAT
            snat none
            forward
        } else {
            # DISABLE source NAT. This overrides SNAT on the VIP or a default SNAT.
            snatpool SNAT-NATPOOLX
        }
    }
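
One way to express the stated requirement while logging which branch ran and which source address actually reached the server, as an added example that is not part of the original post. It assumes a TCP or UDP virtual server, that `SNAT-NATPOOLX` exists, and that `nat-exempt-srvrs` is an address-type data group containing 172.21.10.0/24; the variable `snat_decision` is a name introduced here.

```tcl
# Added example, not the poster's code. Assumptions: SNAT-NATPOOLX is an
# existing SNAT pool and nat-exempt-srvrs is an address-type data group
# that contains 172.21.10.0/24.
when CLIENT_ACCEPTED {
    # class match takes the data group name as a literal string.
    # No "$::" prefix: Tcl ends a variable name at the first hyphen,
    # so $::nat-exempt-srvrs is read as $::nat followed by "-exempt-srvrs".
    if { [class match [IP::client_addr] equals nat-exempt-srvrs] } {
        # Exempt source: turn off any SNAT inherited from the virtual server.
        snat none
        set snat_decision "none"
    } else {
        # Everything else is translated through the SNAT pool.
        snatpool SNAT-NATPOOLX
        set snat_decision "SNAT-NATPOOLX"
    }
}

when SERVER_CONNECTED {
    # On the server side, IP::local_addr is the source address the BIG-IP
    # used toward the pool member, so the log shows whether the client
    # address was preserved or translated.
    log local0. "client=[IP::client_addr] decision=$snat_decision src_to_server=[IP::local_addr] server=[IP::server_addr]"
}
```

The log lines are written to /var/log/ltm; for an exempt client, `src_to_server` should equal the client address.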