Forum Discussion
Heidi_35827
Nimbostratus
Jun 05, 2014
iRule for using SNAT and Next-Hop for specific pool member only
I have a unique situation that I believe could be solved with an iRule, but I need some help.
We have two DMZs - Production and DR. Each DMZ has an F5 LTM. In each DMZ we are setting up Goo...
nitass
Employee
Jun 05, 2014
you can enable/disable snat after server is selected in LB_SELECTED.
e.g.
floating self ip (snat automap)
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list net self 200.200.200.14/24
net self 200.200.200.14/24 {
    address 200.200.200.14/24
    allow-service {
        default
    }
    floating enabled
    traffic-group traffic-group-1
    unit 1
    vlan internal
}
config
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 41
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
        200.200.200.111:80 {
            address 200.200.200.111
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm rule qux
ltm rule qux {
    when LB_SELECTED {
        switch [LB::server addr] {
            200.200.200.101 { snat automap }
            default { snat none }
        }
    }
    when SERVER_CONNECTED {
        log local0. "[IP::local_addr]:[TCP::local_port] > [IP::remote_addr]:[TCP::remote_port]"
    }
}
test
[root@ve11a:Active:In Sync] config # tail -f /var/log/ltm
Jun 5 07:56:09 ve11a info tmm1[9801]: Rule /Common/qux SERVER_CONNECTED: 200.200.200.14:44267 > 200.200.200.101:80
Jun 5 07:56:11 ve11a info tmm[9801]: Rule /Common/qux SERVER_CONNECTED: 172.28.24.1:44268 > 200.200.200.111:80
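
A way to check log output like the test above against the intended per-member SNAT policy, as an added example that is not part of the original post. The self IP, pool member and log format come from the configuration above; the function names and the last three sample lines are constructed for this example.

```python
import re

# Values from the configuration posted above.
SNAT_ADDR = "200.200.200.14"        # floating self IP that automap uses
SNAT_MEMBERS = {"200.200.200.101"}  # members the iRule sends to "snat automap"

# Matches the SERVER_CONNECTED log format produced by rule qux.
# Angle brackets around the event name are treated as optional.
LINE_RE = re.compile(
    r"Rule (?P<rule>\S+) <?SERVER_CONNECTED>?: "
    r"(?P<src>[\d.]+):\d+ > (?P<dst>[\d.]+):\d+"
)

def check_line(line, snat_addr=SNAT_ADDR, snat_members=SNAT_MEMBERS):
    """Classify one log line; return None if it is not a SERVER_CONNECTED entry."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    translated = m["src"] == snat_addr      # server-side source is the self IP
    expected = m["dst"] in snat_members     # policy says this member gets SNAT
    return {"member": m["dst"], "source": m["src"],
            "translated": translated, "ok": translated == expected}

def audit(lines):
    """Return the entries whose SNAT state does not match the policy."""
    return [r for r in map(check_line, lines) if r is not None and not r["ok"]]

# First two lines are from the post; the last three are constructed for the example.
SAMPLE = [
    "Jun 5 07:56:09 ve11a info tmm1[9801]: Rule /Common/qux SERVER_CONNECTED: 200.200.200.14:44267 > 200.200.200.101:80",
    "Jun 5 07:56:11 ve11a info tmm[9801]: Rule /Common/qux SERVER_CONNECTED: 172.28.24.1:44268 > 200.200.200.111:80",
    "Jun 5 07:57:02 ve11a info tmm[9801]: Rule /Common/qux SERVER_CONNECTED: 172.28.24.1:44270 > 200.200.200.101:80",
    "Jun 5 07:57:05 ve11a info tmm1[9801]: Rule /Common/qux SERVER_CONNECTED: 200.200.200.14:44271 > 200.200.200.111:80",
    "Jun 5 07:57:09 ve11a notice mcpd[5000]: unrelated line",
]

if __name__ == "__main__":
    for bad in audit(SAMPLE):
        state = "translated" if bad["translated"] else "not translated"
        print(f"policy mismatch: {bad['source']} > {bad['member']} ({state})")
```

The two lines from the post pass; the constructed lines show both mismatch directions, a client address reaching the SNAT member untranslated and the self IP reaching a member that should see the client address.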