Forum Discussion
markj_58101
Nimbostratus
NimbostratusIrule SNAT based on destination IP address.
Hi there, I am looking to create an Irule SNAT for outbound requests to a specific IP address. So when source = X and destination = Y then use the SNAT. I have seen various other similar methods on he...
- I believe you would need IP::local_addr in this instance for the destination, and I think you have the irule in the right place.
I'm running some similar SNAT's at the moment, but I had some odd issues.
Here's the same thing (there may be more efficient ways of doing this...), but using datagroups and an snat pool instead of a single snat. I had some issues using a single snat in my config, but it worked fine using an snatpool consisting of a single snat IP.
This will match any source IP in datagroup webserver_datagroup, where the destination is in external_servers, and snat it to the address(es) in snat_pool_1when CLIENT_ACCEPTED { set failed 0 if {[matchclass [IP::client_addr] equals $::webserver_datagroup] \ and [matchclass [IP::local_addr] equals $::external_servers]}{ use snatpool snat_pool_1 } }
DJ_23086
Altocumulus
AltocumulusI believe you would need IP::local_addr in this instance for the destination, and I think you have the irule in the right place.
I'm running some similar SNAT's at the moment, but I had some odd issues.
Here's the same thing (there may be more efficient ways of doing this...), but using datagroups and an snat pool instead of a single snat. I had some issues using a single snat in my config, but it worked fine using an snatpool consisting of a single snat IP.
This will match any source IP in datagroup webserver_datagroup, where the destination is in external_servers, and snat it to the address(es) in snat_pool_1
when CLIENT_ACCEPTED {
set failed 0
if {[matchclass [IP::client_addr] equals $::webserver_datagroup] \
and [matchclass [IP::local_addr] equals $::external_servers]}{
use snatpool snat_pool_1
}
}