iRule for Conditional SNAT
I need to configure an iRule for conditional SNAT: when 10.10.10.1 and 10.10.10.2 connect to the VS, the SNAT will be 10.214.214.148, and for the rest of the clients the SNAT will be 10.214.214.147.
Current setup:
SNAT pool "DPG-147" = 10.214.214.147, and I have another SNAT pool "DPG-148" = 10.214.214.148.
    ltm virtual DPG-Staging-5006 {
        description Cube
        destination 192.168.30.147:pxc-spvr
        ip-protocol tcp
        mask 255.255.255.255
        source 0.0.0.0/0
        source-address-translation {
            pool DPG-147
            type snat
        }
    }
Thanks
Mohanad
Hi,
Do you really need the SNAT pool, or do you just need to define an IP address to SNAT in the iRule?
e.g.

    # Classic syntax
    when CLIENT_ACCEPTED {
        if { [IP::client_addr] eq "10.10.10.1" || [IP::client_addr] eq "10.10.10.2" } {
            snat 10.214.214.148
        } else {
            snat 10.214.214.147
        }
    }

    # Short way
    when CLIENT_ACCEPTED {
        if { "10.10.10.1, 10.10.10.2" contains [IP::client_addr] } {
            snat 10.214.214.148
        } else {
            snat 10.214.214.147
        }
    }

    # Expansive way, increase list when needed
    when CLIENT_ACCEPTED {
        switch [IP::client_addr] {
            10.10.10.1 -
            10.10.10.2 { snat 10.214.214.148 }
            default { snat 10.214.214.147 }
        }
    }

You must change the line from "snat <IP ADDR>" to "snatpool <POOLNAME>" if you need to use a SNAT pool.
I hope it helps.
- cjunior (Nacreous)
- Mohanad (Cirrostratus)
Hello.
I would also use one of cjunior's iRules, but take into account that it's possible to configure this directly without an iRule, using 2 virtuals with different source IPs. For example:

    ltm virtual DPG-Staging-5006 {
        description Cube
        destination 192.168.30.147:pxc-spvr
        ip-protocol tcp
        mask 255.255.255.255
        source 0.0.0.0/0
        source-address-translation {
            pool DPG-147
            type snat
        }
    }
    ltm virtual DPG-Staging-5006_2 {
        description Cube
        destination 192.168.30.147:pxc-spvr
        ip-protocol tcp
        mask 255.255.255.255
        source 10.10.10.0/30
        source-address-translation {
            pool DPG-148
            type snat
        }
    }

REF - https://support.f5.com/csp/article/K14800
Also using policies.
KR,
Dario.
- Mohanad (Cirrostratus)
Thank you, Dario Garrido. I prefer using SNAT instead of creating a new VS.
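Added example, not part of the thread and not code from any poster: cjunior's note about switching from "snat" to "snatpool", combined with an address data group so the client list can grow without editing the iRule. The data group name snat_148_clients is hypothetical; DPG-147 and DPG-148 are the SNAT pools from the original post.

```tcl
# Added example. Assumes an address-type data group named snat_148_clients
# (hypothetical name) holding the two client addresses, for instance:
#
#   ltm data-group internal snat_148_clients {
#       records {
#           10.10.10.1/32 { }
#           10.10.10.2/32 { }
#       }
#       type ip
#   }
#
# and the SNAT pools DPG-147 and DPG-148 from the original post.
when CLIENT_ACCEPTED {
    # In a non-default route domain IP::client_addr returns the address
    # with a "%<id>" suffix (for example 10.10.10.1%1). Keep only the
    # address part so the lookup compares the bare IP.
    set client_ip [getfield [IP::client_addr] "%" 1]

    # class match against an address data group compares addresses
    # (hosts or networks) rather than strings, so only the listed
    # clients are translated to the DPG-148 pool.
    if { [class match $client_ip equals snat_148_clients] } {
        snatpool DPG-148
    } else {
        # Every other client keeps the default translation.
        snatpool DPG-147
    }
}
```

Because the iRule selects the pool on every connection, the virtual server's own source-address-translation setting only applies if the iRule is removed.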