Forum Discussion

jabuens's avatar
jabuens
Icon for Nimbostratus rankNimbostratus
Apr 13, 2022

iRule for SNAT using subnet range rather than host base

Hi, I'm just a newbie using iRule for SNAT. We have an internal server that being access by our external customer that require us to allow their Company Public IP (i.e /24) rather than single host. ...
application delivery
Dario_Garrido's avatar
Dario_Garrido
Icon for Noctilucent rankNoctilucent
Apr 13, 2022

Hello Jabuens.

I would do it like this

when CLIENT_ACCEPTED {
	if { [IP::addr [IP::client_addr] equals 170.42.6.0/24] } {
		snat 10.1.147.13
	} elseif { [IP::addr [IP::client_addr] equals 70.40.6.0/24] } {
		snat 10.1.147.13
	} elseif { [IP::addr [IP::client_addr] equals 16.52.171.0/24] } {
		snat 10.1.147.13	
	} elseif { [IP::addr [IP::client_addr] equals 200.52.171.0/22] } {
		snat 10.1.147.13
	}
}

Also, there is a chance to group all the conditions in one single statement.

when CLIENT_ACCEPTED {
	switch [IP::addr [IP::client_addr] mask 255.255.255.0] {
		"170.42.6.0" - "70.40.6.0" - "16.52.171.0" - "200.52.168.0" - "200.52.169.0" - "200.52.170.0" - "200.52.171.0" {
			snat 10.1.147.13
		}
	}
}