Forum Discussion
jmloveless_4477
Nimbostratus
NimbostratusiRule to SNAT and select pool member
Good evening,
I am using the LC with an irule on the default gateway pool to snat a particular internal client to an outside address (overriding the automap on the default gateway pool). The SNAT works great until the connection is routed out the wrong ISP. I need to be able to set the SNAT and Pool member with the same irule. I have tried couple things but they dont seem to work, any input would be appreciated!!!
here is an example of one iRule I have tried:
when CLIENT_ACCEPTED {
if {[IP::addr "[IP::client_addr]" equals "10.251.1.65"]} {
snat X.X.X.10
pool default_gateway_pool member X.X.X.1 0
}
elseif {[IP::addr "[IP::client_addr]" equals "10.40.14.12"]} {
snat Y.Y.Y.10
pool default_gateway_pool member Y.Y.Y.1 0
}
}
hooleylistCirrostratus
Hi,
That iRule looks valid. What issues are you seeing when you test it? Is a pool selected? Are the connections SNAT'd?
Aaron- hooleylistActually, maybe the issue is with specifying port 0 for the pool member? If that's the issue, you might try something like this:
when CLIENT_ACCEPTED { if {[IP::addr [IP::client_addr] equals 10.251.1.65]} { snat X.X.X.10 pool default_gateway_pool member X.X.X.1 [TCP::local_port] } elseif {[IP::addr [IP::client_addr] equals 10.40.14.12]} { snat Y.Y.Y.10 pool default_gateway_pool member Y.Y.Y.1 [TCP::local_port] } }
Aaron 
jmloveless_4477Thanks for the quick response, do I need the [TCP::local_port]
or can I just drop the port all together?
The SNAT works and the correct pool is selected but correct member is not selected from what I can tell. The reason thie is failing is ISP B drops connections with a source address of anything but ISP B assigned addresses.
Any logging recommendations to make sure the correct pool and member are selected?
Thanks again- Chris_Miller
Altostratus
When I had a similar challenge, I created a separate pool containing only that specific member and selected the pool (rather than member) from the iRule. - jmloveless_4477Chris, funny you mention that, I just did the same thing this morning and it appears to be working!!! FingersCrossed.
- hooleylistChris' idea is a good workaround. But I'm curious why the pool command didn't work. Were the pool members defined on port 0?
Thanks, Aaron 
tcl_newfanHi,
I have almost the same requirement as jmloveless with LC, but instead of snat based on an internal IP address, i want to snat based on the pool member already selected, i mean if the pool member selected was 10.10.1.1, snat to snat_pool_10_10_1, else snat to snat_pool_10_20_1. Any ideas?.
Regards,- hooleylistHi Jaime,
You can use the LB_SELECTED event to specify a SNAT IP based on the selected pool member address:when LB_SELECTED { if {[IP::addr [IP::client_addr] equals 10.10.1.1]}{ snatpool snat_pool_10_10_1 } }
The default action would be to use whatever SNAT is enabled on the virtual server.
Aaron - tcl_newfanHi Aaron,
it seems very simple, let me try it.
Thanks,
