
Forum Discussion

Marwen_131086
Jan 13, 2014

iRules replacing the destination IP

Hello,

 

We are configuring our LTM to NAT the public VIP IP with a private internal IP address. This is done automatically when we put the private internal IP as a node on the pool assigned to the public VIP. So we need to create a one-by-one mapping for each service. The idea is to do the same via iRules, but for the whole subnet and not for each new service:

 

  • Public subnet : A.B.C.D/24
  • Private subnet : X.Y.Z.X/24

when CLIENT_ACCEPTED :

--> Replace the destination public IP with the private IP while respecting the order of the IP addresses. That is, the first public IP will be mapped to the first private IP, etc.

 

I think it's possible with the "node" command, which replaces the VIP IP with the node IP. Could you please help us create the iRules script?

 

Regards, Marwen

 

4 Replies

  • So none of this is tested or even applied to anything, but I guess you'd create a network (standard) virtual server something like this;

    ltm virtual vs_xlate_pub_to_priv {
        destination A.B.C.D:any
        mask 255.255.255.0
        profiles {
            tcp { }
        }
        rules ir_xlate_pub_to_priv
        translate-address enabled
        translate-port disabled
    }
    

    and then an iRule like this;-

    ltm rule ir_xlate_pub_to_priv {
        when CLIENT_ACCEPTED {
            # Append 4th octet of destination address to internal private range
            node "X.Y.Z.[getfield [IP::local_addr] . 4]"
        }
    }
    

    This seems awfully like putting your privately addressed hosts on the internet.....

  • Hello IheratF5

     

    Thank you for your feedback, I tested it and it works fine. I have another question: what if we want, for example, the 4th octet of the private IP to be the 4th octet of the public IP + 2? That is, replace A.B.C.D with X.Y.Z.D+2.

     

    I tested this syntax but it doesn't work. Any idea?

     

    node "X.Y.Z.[getfield [IP::local_addr] . 4] + 2"

     

    Regards, Marwen

     

  • Try this:

    when CLIENT_ACCEPTED {
        # expr does the arithmetic on the 4th octet; braces make it evaluate once
        set nodeIP "X.Y.Z.[expr {[getfield [IP::local_addr] . 4] + 2}]"
        node $nodeIP
    }
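
An added example, not part of any reply in the thread: the offset mapping from the last reply with a range check, so a public address whose shifted 4th octet falls outside .1 to .254 is rejected and logged rather than forwarded to a node that cannot exist. The `static::` variable names and the log text are assumptions; `X.Y.Z` is the thread's placeholder for the private prefix.

```tcl
when RULE_INIT {
    # Assumed names; X.Y.Z stands for the private /24 prefix used in the thread
    set static::priv_prefix "X.Y.Z"
    # Offset added to the public 4th octet (the "+ 2" asked about above)
    set static::octet_offset 2
}

when CLIENT_ACCEPTED {
    # 4th octet of the public destination address the client connected to
    set pub_octet [getfield [IP::local_addr] "." 4]

    # Braced expr: the value is treated as a number only, never re-parsed as script
    set priv_octet [expr {$pub_octet + $static::octet_offset}]

    # Usable hosts in a /24 are .1 to .254; anything else has no valid mapping
    if { $priv_octet < 1 || $priv_octet > 254 } {
        log local0. "xlate: no private mapping for [IP::local_addr], client [IP::client_addr]"
        reject
        return
    }

    # Send the connection to the mapped private host
    node "$static::priv_prefix.$priv_octet"
}
```

With an offset of 2, public addresses ending in .253 and above are refused, which makes the gap in the one-to-one mapping visible in the log instead of failing silently.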