F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

clowe_16759's avatar
clowe_16759
Icon for Nimbostratus rankNimbostratus
Nov 07, 2007

iRule to SNAT Server

I am very inexperienced in writing iRules.   Background: there are virtual severs that serve our web servers and virtual servers that serve our database server. The Web and DB servers are on dif...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Nov 09, 2007
If you have a spare IP address per client you will be SNAT'ing, you could create a datagroup (type: string) with the client IP and SNAT IP. When a client request is received, you could search the class using findclass and look up the corresponding IP you want to SNAT with. You can then use the snat command to apply it.

citizen_elah added a good example using a similar scenario a while back (Click here).

You could adapt that like this using a class with the client IP first, followed by the IP you want to translate it to:


class snat_map {
  "1.1.1.1 1.1.2.1"
  "1.1.1.2 1.1.2.2"
  "1.1.1.3 1.1.2.3"
  "........ ......"
}

And then a rule which performs the SNATing:


when CLIENT_ACCEPTED {
   set snat_ip [findclass [IP::client_addr] $::snat_map " "]
   if { $snat_ip ne "" } {
      snat $snat_ip
   } else {
       client IP wasn't found in the class, so use a default SNAT address
      snat 2.2.2.2
   }
}

Aaron