Derek_Rice_2913
Jul 24, 2017

iRule to SNAT only for requests sent to specific destination.

Obligatory: newish to iRules. Wondering if this iRule will take any requests from 1.1.1.1 destined for an IP specified in the "remote_net" class and SNAT them, otherwise no SNAT. I think this will work, just looking for confirmation.

when CLIENT_ACCEPTED {  
    if { ([class match [IP::client_addr] equals 1.1.1.1]) and ([class match [IP::remote_addr]   equals remote_net]) } {
        snatpool snatpool_remote  
    }  
}

1 Reply

  • Do not use "class match" in the first part of your "if" clause. Use the "IP::addr" command:

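    when CLIENT_ACCEPTED {
        # Clientside context: IP::local_addr is the address the client connected to
        # (the destination); IP::remote_addr here would be the client itself.
        if { ([IP::addr [IP::client_addr] equals 1.1.1.1]) and ([class match [IP::local_addr] equals remote_net]) } {
            snatpool snatpool_remote
        }
    }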