bweber_12801
Dec 16, 2008

iRule to SNAT based on IP

I am trying to set up an iRule that will send traffic from a specific host behind my F5 out a specific IP. I have a WildCard VS and an SNAT applied to the WildCard VS called "email" that directs all outbound traffic out my x.x.x.5 IP. I have a mail server sitting behind the F5 at 192.0.0.60. I want all traffic outbound from 192.0.0.60 to go out x.x.x.4 and not x.x.x.5. I also want to have all other traffic continue going out x.x.x.5. The iRule that F5 support recommended that I use is:

    when CLIENT_ACCEPTED {
       if { [IP::client_addr] equals "192.0.0.60" } {
          use snat x.x.x.4
       } else { use snat x.x.x.5 }
    }

However, when I put that iRule into my WildCard VS, I am unable to get any traffic outbound from 192.0.0.60. Without the iRule, 192.0.0.60 obviously still goes out x.x.x.5. Any idea what might be wrong with the iRule?

Thanks!
  • hoolio
    That rule looks like it should work. Are you sure the requests are hitting the virtual server that the rule is configured on? You can add logging to get a better idea of what's happening. Also it would be more efficient to use IP::addr to check the client IP address:

     
     when CLIENT_ACCEPTED { 
        if { [IP::addr [IP::client_addr] equals 192.0.0.60] } { 
           log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]: Snat to x.x.x.4" 
           snat x.x.x.4 
        } else { 
           log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]: Snat to x.x.x.5" 
           snat x.x.x.5 
        } 
     } 
     

    Aaron