Forum Discussion

Eric_Sanchez_27
Apr 04, 2010

Is there an iRule to have an alternative way of doing SNAT AUTOMAP?

I have this iRule:

 

when CLIENT_ACCEPTED {
    if { [matchclass [IP::client_addr] equals $::x_Hosts] } {
        snatpool x_SNAT
    }
}

x_Hosts = I don't understand the relevance of this.

x_SNAT = this is an IP address in the SNAT pool.

I am attempting to accomplish a better way to do SNAT AUTOMAP. I have issues when "VIP A" (10.10.10.10/24) with "Pool A" (10.10.11.11/24) and "VIP B" (10.10.10.11/24) with "Pool B" (10.10.11.12/24) need to talk to each other. It only works when AUTOMAP is applied. From my understanding, AUTOMAP forces the session to come back to the LTM instead of using its local Ethernet segment (since they are on the same subnet).

Is this the appropriate iRule to use so I can see source IPs/MACs if I monitor the application, or is there something better to use so I don't see the self-IP of the LTM and its associated MAC address?
  • Hi Eric,

    x_Hosts is a data group that contains a list of IP addresses. Yes, you can use the same iRule to log the original source address. You can set the SNAT pool to have a different IP address, other than the self-IP of the LTM.

    Bhattman
  • Another question is if I have two sets of VIPs and Pools.

    VIP A (10.10.10.x/24)

    Pool A (10.10.11.x/24)

    VIP B (10.10.20.x/24)

    Pool B (10.10.21.x/24)

    If my iRule SNAT consists of x_HOSTS=10.10.11.0/24 (network of Pool A) and my X_SNAT=10.10.11.5 (IP in Pool A)... can I use that same iRule SNAT for the VIPs/hosts for B too? Or would that break functionality, and would I need to create an iRule SNAT data group for the Pool B group?
  • Hi Eric,

    You should be able to use the same X_SNAT address. However, that address must belong to the LTM, not to a server in any pool.

    Bhattman
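
The approach discussed in the replies above (SNAT only the sources in the data group, and log the original source address) as an added example that is not part of the original thread. It assumes TMOS v10 or later, where `class match` replaces `matchclass`, and reuses the thread's names `x_Hosts` (address data group) and `x_SNAT` (SNAT pool whose addresses belong to the LTM).

```tcl
# Added example, not from the thread.
# Assumptions: TMOS v10+; x_Hosts is an address data group; x_SNAT is a SNAT pool
# whose member addresses are owned by the LTM, not by any pool member.
when CLIENT_ACCEPTED {
    # Capture the real client endpoint before any translation takes place.
    set orig_client "[IP::client_addr]:[TCP::client_port]"
    set snat_applied 0

    if { [class match [IP::client_addr] equals x_Hosts] } {
        # Only sources listed in the data group are translated;
        # all other clients reach the pool with their own address.
        snatpool x_SNAT
        set snat_applied 1
    }
}

when SERVER_CONNECTED {
    # On the server side, IP::local_addr/TCP::local_port is the source the
    # pool member sees, so this line maps it back to the original client.
    if { $snat_applied } {
        log local0.info "snat vs=[virtual name] client=$orig_client translated=[IP::local_addr]:[TCP::local_port] member=[IP::server_addr]:[TCP::server_port]"
    }
}
```

The pool member still sees the SNAT address and the LTM's MAC on the wire; the log entry is what ties a translated connection back to its original source when reviewing application or capture data.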