For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

bweber_12801's avatar
bweber_12801
Icon for Nimbostratus rankNimbostratus
Dec 16, 2008

iRule to SNAT based on IP

I am trying to setup an iRule that will send traffic from a specific host behind my F5 out a specific IP. I have a WildCard VS and an SNAT applied to the WildCard VS called "email" that directs all ou...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 17, 2008
That rule looks like it should work. Are you sure the requests are hitting the virtual server that the rule is configured on? You can add logging to get a better idea of what's happening. Also it would be more efficient to use IP::addr (Click here) to check the client IP address: 

 
 when CLIENT_ACCEPTED { 
    if { [IP::addr [IP::client_addr] equals 192.0.0.60] } { 
       log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]: Snat to x.x.x.4" 
       snat x.x.x.4 
    } else { 
       log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]: Snat to x.x.x.5" 
       snat x.x.x.5 
    } 
 }

Aaron