Forum Discussion
Romel_77740
Nimbostratus
Nimbostratusirule to replace source IP with an arbitrary IP
When a packet hits a bigIP VIP, I need an irule to replace the source IP of the received packet with an arbitrary IP before forarding the packet to some destination server.
Is there an irule capability?
4 Replies
- the SNAT command is what you are looking for, i think: Click here
Romel_77740Ok. I am trying a simple code as shown below. When the snat command is commented out, the virtual server that is loaded with the irule forwards the packet. When I uncomment out the snat statement, the virtual server does not forward the packet that matches the source IP w.x.y.z though the log statements show in /var/log/ltm file.
I am using bigIP version LTM 9.4.4 HF3.
What am I doing wrong?
when CLIENT_ACCEPTED {
if {[IP::addr [IP::client_addr] equals w.x.y.z]} {
log local0. "before snat"
snat m.n.o.p
log local0. "after snat"
}
if {[UDP::payload] contains "_avcv_"} {
log local0. "in UDP payload"
node a.b.c.d 5060
}
}- Romel_77740Can the translation IP be any arbitrary IP or it has to be defined somewhere in bigIP configuration? Must the origin IP (the client's IP) be RFC1918 (ie does the code check for it to be RFC1918)?
hoolioCirrostratus
There aren't any restrictions on what IP is used for a SNAT. But if you want to use symmetric load balancing, the destination server would need to route the response back to the LTM.
Aaron
