iRule uncertainty

Question

Hi, I have a pair of F5's that load balance servers from the public and internal network.&nbsp;
&nbsp;I wish to snat the nodes return traffic (hide) to the vip that was used to access them, i.e. the internal users see a different vip to the public users.&nbsp;
&nbsp;The way I see it, I apply iRules to the VIP, but I cannot do this as it is outbound from the nodes I wish to SNAT, not inbound to them. &nbsp;
&nbsp;The only other way I can see to do this is by having forwarding turned on ??? which again I do not wish to do.&nbsp;
&nbsp;Can anyone help me out here, is what I am wanting to do possible with irules ???&nbsp;
&nbsp;Many thanks&nbsp;

mark_harris_608 · Answer

I suspect you can do something in an iRule, but I'm not sure why you would want to in this case.  What you've described (if I understand your need) already happens by default.&nbsp;
&nbsp;When you access a VS, the return traffic (by default, no SNAT required) returns with the source address of the VS that was first requested.  If you enable SNAT, then the source address is changed to the SNAT address on from the server perspective, but the return traffic still assumes the VS address originally accessed.&nbsp;
&nbsp;When you initiate (a very important distinction) traffic from the server, the SNAT is required to allow that traffic outbound - the VS alone will not allow traffic to be initiated from servers on the internal side of BIG-IP without it or a VS of some kind on the internal VLAN at a minimum.&nbsp;
&nbsp;So, in your case, instead of using something like SNAT AutoMap where the source address of outbound traffic will be the BIG-IP SelfIP address, make the translation address of the standard SNAT enabled on the internal VLAN the same address as the VS address, then traffic inbound and outbound will assume the same destination and source address for clients on the external VLAN of BIG-IP.

Forum Discussion

iRule uncertainty

1 Reply

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

Ivanti MDM Core & F5 LTM/ASM with mTLS

F5 BIGIP & XC certbot plugin

F5 radius login not working

A Method for Auth and SSO

setup F5vpn using key stored in TPM?

Related Content

AppWorld Berlin iRules Contest!

AppWorld Berlin 2026 – iRules Contest Winning Results

iRules Contest Entry Example

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Generic iRule based on datagroup parsing

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS