iRule to SNAT and select pool member

I am using the LC with an irule on the default gateway pool to snat a particular internal client to an outside address (overriding the automap on the default gateway pool). The SNAT works great until the connection is routed out the wrong ISP. I need to be able to set the SNAT and Pool member with the same irule. I have tried couple things but they dont seem to work, any input would be appreciated!!!



    # Event wrapper assumed (the posted snippet omitted it); pool and snat
    # selection must run in CLIENT_ACCEPTED. The client addresses being
    # compared were lost from the post, so the "" operands are left as posted.
    when CLIENT_ACCEPTED {
       if {[IP::addr "[IP::client_addr]" equals ""]} {
          snat X.X.X.10
          pool default_gateway_pool member X.X.X.1 0
       } elseif {[IP::addr "[IP::client_addr]" equals ""]} {
          snat Y.Y.Y.10
          pool default_gateway_pool member Y.Y.Y.1 0
       }
    }

    That iRule looks valid. What issues are you seeing when you test it? Is a pool selected? Are the connections SNAT'd?



  • Actually, maybe the issue is with specifying port 0 for the pool member? If that's the issue, you might try something like this:

       # The client addresses after "equals" were lost from the post and are left as posted.
       when CLIENT_ACCEPTED {
          if {[IP::addr [IP::client_addr] equals]} {
             snat X.X.X.10
             pool default_gateway_pool member X.X.X.1 [TCP::local_port]
          } elseif {[IP::addr [IP::client_addr] equals]} {
             snat Y.Y.Y.10
             pool default_gateway_pool member Y.Y.Y.1 [TCP::local_port]
          }
       }

  • Thanks for the quick response, do I need the [TCP::local_port] or can I just drop the port altogether?

    The SNAT works and the correct pool is selected but the correct member is not selected from what I can tell. The reason this is failing is ISP B drops connections with a source address of anything but ISP B assigned addresses.

    Any logging recommendations to make sure the correct pool and member are selected?

    Thanks again
  • When I had a similar challenge, I created a separate pool containing only that specific member and selected the pool (rather than member) from the iRule.
  • Chris, funny you mention that, I just did the same thing this morning and it appears to be working!!! Fingers crossed.
  • Chris' idea is a good workaround. But I'm curious why the pool command didn't work. Were the pool members defined on port 0?
  • I have almost the same requirement as jmloveless with LC, but instead of SNAT based on an internal IP address, I want to SNAT based on the pool member already selected. I mean if the pool member selected was, snat to snat_pool_10_10_1, else snat to snat_pool_10_20_1. Any ideas?



  • Hi Jaime,

    You can use the LB_SELECTED event to specify a SNAT IP based on the selected pool member address:

    # The member address after "equals" was lost from the post and is left as posted.
    # LB::server addr is the selected pool member, which is what the text describes;
    # the posted snippet read IP::client_addr here.
    when LB_SELECTED {
       if {[IP::addr [LB::server addr] equals]} {
          snatpool snat_pool_10_10_1
       }
    }

    The default action would be to use whatever SNAT is enabled on the virtual server.
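    Putting the thread's pieces together (one-member pool per ISP, SNAT chosen from the member actually selected in LB_SELECTED, and logging to verify pool and member selection), here is an added example iRule that is not from any poster in this thread. The pool names isp_a_gw_pool / isp_b_gw_pool, the SNAT pools snat_isp_a / snat_isp_b, and all addresses are constructed placeholders.

    ```tcl
    # Added example, not from the thread. Assumed objects: pools isp_a_gw_pool and
    # isp_b_gw_pool (each holding only that ISP's gateway) and SNAT pools
    # snat_isp_a / snat_isp_b. Subnets and gateway addresses are constructed
    # placeholders (RFC 5737 documentation ranges for the gateways).
    when CLIENT_ACCEPTED {
        # Pick the egress ISP per internal client subnet. Selecting a one-member
        # pool (Chris' workaround) avoids the "pool ... member <ip> <port>"
        # mismatch when members are defined on port 0.
        if { [IP::addr [IP::client_addr] equals 10.10.1.0/24] } {
            pool isp_a_gw_pool
        } elseif { [IP::addr [IP::client_addr] equals 10.10.2.0/24] } {
            pool isp_b_gw_pool
        } else {
            # Fall through to the virtual server's default pool and SNAT.
            return
        }
    }

    when LB_SELECTED {
        # Derive the SNAT from the gateway that was actually selected, so the
        # source address always belongs to the ISP the packet leaves through
        # (ISP B drops anything sourced from a non-ISP-B address).
        if { [IP::addr [LB::server addr] equals 192.0.2.1] } {
            snatpool snat_isp_a
        } elseif { [IP::addr [LB::server addr] equals 198.51.100.1] } {
            snatpool snat_isp_b
        }
        # Log the decision (shows up in /var/log/ltm) to confirm that the
        # expected pool and member were chosen for this client.
        log local0. "client [IP::client_addr] -> pool [LB::server pool] member [LB::server addr]:[LB::server port]"
    }

    when LB_FAILED {
        # If the chosen gateway is down, fail over to the other ISP pool.
        # LB_SELECTED fires again after the reselect, so the SNAT follows the
        # new gateway automatically.
        if { [LB::server pool] eq "isp_a_gw_pool" } {
            LB::reselect pool isp_b_gw_pool
        } else {
            LB::reselect pool isp_a_gw_pool
        }
        log local0. "reselecting for [IP::client_addr]: [LB::server pool] had no available member"
    }
    ```

    Watch /var/log/ltm while testing from a client in each subnet to confirm the logged pool and member match the ISP whose SNAT address you expect.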