For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Touch_100239's avatar
Touch_100239
Icon for Nimbostratus rankNimbostratus
Aug 02, 2010

iRule Implementation (SNAT)

Hi All I am new about F5 iRule and facing a problem about iRule implementation on F5. I was struggling with it for more than two weeks. Really hope if there is someone could help me to solve it. My sc...
application delivery
dev
devops
iRules
The_Bhattman's avatar
The_Bhattman
Icon for Nimbostratus rankNimbostratus
Aug 02, 2010
Hi Touch,

Undestood. Thank you for the clarification.

Let me rephrase the what I think might be happening and what you can do.

There are 2 items that might be causing your issue

1) You are using matchclass command without a datagroup

2) The iRule event you are using (CLIENT_ACCEPTED) is only triggered when the client side of the connection is established but before the F5 has choosen the server IP through it's normal load balancing decision that you have configured.

My thoughts are to use LB_SELECTED event which is triggered after the F5 has choosen the pool member and replacing the matchclass command

The iRule would look like the following 


when LB_SELECTED {
    log local0 "The Client IP is [IP::client_addr] and the node IP is [IP::remote_addr]"
    if {[IP::addr [IP::client_addr] equals 192.168.1.2] and [IP::addr [LB::server addr] equals 192.168.2.2]} {
      snat 192.168.2.3
     } else {
      snat none
    }
}

I hope this helps

Bhattman