John_McInnes_44
May 24, 2006

iRule for SNATing pool traffic to Virtual

Background:

All my pools have forwarding Virtual servers in and outbound because the pool members use real IP addresses. This is probably a kind of rare setup these days.

I run a Virtual for SMTP, for hosting 1000s of customer domains. Occasionally a pool member will need to talk back to the Virtual. Usually this is when two customers send each other email.

Problem:

The pool members can't connect to the Virtual server of which they are members in an IP forwarding environment.

Solution:

Apply this iRule to the Virtual. It will SNAT your Pool members when they try to connect to the Virtual.


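when CLIENT_ACCEPTED {
  # SNAT only when the client is in the pool subnet Data Group and the destination is this Virtual.
  # Tcl requires the opening brace of each body on the same line as "if" / "else".
  if { ( [matchclass [IP::remote_addr] equals $::DATAGROUP ] ) and ( [IP::addr [IP::local_addr] equals "virtual.ip.address"] ) } {
    log "Automapping [IP::remote_addr] -> [IP::local_addr]"
    snat automap
  } else {
    log "Not Automapping [IP::remote_addr] -> [IP::local_addr]"
  }
}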

Where DATAGROUP is the name of a Data Group that contains the Pool subnet.

Hope it helps someone, as I searched here and didn't find anything that was specifically to solve this problem. Tested on LTM 3400 running 9.2.

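An added example, not part of the original post: a small Python model of the SYN / SYN-ACK path that shows why the iRule's condition fixes the connection. It assumes the usual cause, that the chosen member answers a same-subnet client directly instead of through the BIG-IP; all addresses are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not from the post).
VIP = ipaddress.ip_address("192.0.2.25")              # the SMTP Virtual
SELF_IP = ipaddress.ip_address("198.51.100.1")        # address used by "snat automap"
POOL_NET = ipaddress.ip_network("198.51.100.0/24")    # contents of the Data Group
MEMBER = ipaddress.ip_address("198.51.100.12")        # member picked by load balancing


def should_snat(client, local):
    """Same test as the iRule: client is in the Data Group AND destination is the VIP."""
    return client in POOL_NET and local == VIP


def connect(client, use_irule):
    """Trace one SYN / SYN-ACK exchange and report whether the client accepts the reply."""
    client = ipaddress.ip_address(client)
    snat = use_irule and should_snat(client, VIP)
    # The BIG-IP forwards the SYN to the member; the source changes only when SNATed.
    member_sees = SELF_IP if snat else client
    if member_sees == SELF_IP:
        via_bigip = True    # reply is addressed to the BIG-IP itself
    else:
        # An on-link source is answered directly and never crosses the BIG-IP;
        # anything else leaves through the default gateway (assumed to be the BIG-IP).
        via_bigip = member_sees not in POOL_NET
    # Only the BIG-IP can rewrite the reply's source back to the VIP.
    reply_src = VIP if via_bigip else MEMBER
    return {
        "snat": snat,
        "member_sees": str(member_sees),
        "reply_src": str(reply_src),
        "established": reply_src == VIP,  # client drops a SYN-ACK from any other address
    }


def run_cases():
    return {
        "member, no iRule": connect("198.51.100.11", use_irule=False),
        "member, iRule": connect("198.51.100.11", use_irule=True),
        "internet client, iRule": connect("203.0.113.7", use_irule=True),
    }


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name:24} {result}")
```

The `member_sees` field shows the side effect to plan for: SNATed connections reach the member with the BIG-IP's address as the source, so the member's SMTP logs and any IP-based access rules see that address rather than the sending member's.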