iRule to SNAT dependant on source address

Question

Hey all, 
&nbsp;  
&nbsp; I'd like to configure and iRule and apply it to a VIP whereby it checks the source and if it is one of a list of IP addresses (or perhaps within a specific subnet). If it is I'd like it to apply and automapped (optional if not possible) SNAT. 
&nbsp;  
&nbsp; Is this possible? If it is, any advice would be appreciated. 
&nbsp;  
&nbsp; Cheers 
&nbsp;  
&nbsp; Greg

nicolas_menant · Answer

Hi, 
  
 You can do this with a network range or a class, it is up to you: 
  
 you must use this command: IP::addr Click here 
  
 should look like this

when CLIENT_ACCEPTED { 
     if {[IP::addr [IP::client_addr]/8 equals 10.0.0.0]} { 
         snat automap 
      } 
 } 
  
 with a class:  
 when CLIENT_ACCEPTED { 
     if {[matchclass [IP::client_addr] equals $::myIPs]} { 
         snat automap 
      } 
 } 
 where you created a datagroup myIPS which contains the list of IPs that should be snatted

greg__33907 · Answer

Thanks very much. I wasn't expecting the full script. I'll give it a shot tomorrow. 
&nbsp;  
&nbsp; I'll let you know how I get on. 
&nbsp;  
&nbsp; Greg

Forum Discussion

iRule to SNAT dependant on source address

Recent Discussions

NetScaler to F5 Migration

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Related Content

The Power of Source Address

health monitor source IP address

source address persistence maximum session timeout

F5 Malicious Source IP Address Alert

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS