Forum Discussion

Nimbostratus

Dec 01, 2006

Million Dollar SNAT question

Ok, here it is. How do I get pool memebers to be able to Snat their address only to the url context requests they are part of. An explanation of this is I have about 10 Web sites with eachin the same ...

Cirrostratus

Dec 04, 2006

xf6svrb, the example rule you posted looks like it's designed to be applied to a IP forwarding virtual server configured for any service. I base this on the fact that it's checking the destination port and using the forward command.

As it sounds like you're just trying to load balance port 80 traffic you shouldn't need to use the complete example with the class of ports and the forwarding command. Forwarding is used to send the traffic out from the BIG-IP without being load balanced.

Here is a simplified example that should work for you:


when CLIENT_ACCEPTED {
    SNAT requests if client_addr is defined in the class
   if { [matchclass [IP::client_addr] equals $::Hosts]} {
      snat 192.168.100.12
   }
}

Then define the IP addresses you want to SNAT in a class (datagroup).

Else, if you want a more eloquent solution, you can try this:


when LB_SELECTED {  
  if {[IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"]} {  
  snat 192.168.100.12 
  }
}

After a node has been selected, the rule compares the source and destination IP addresses. If they're the same, it SNATs the source IP address so the node responds back to the BIG-IP. This saves some administrative effort in that you don't need to define the nodes.

Aaron

Edit:

Sorry, I didn't answer your question: 'What happens if you don't use forward?'

If you don't explicitly state how the request should be handled in the rule (using a command like pool, node, redirect, forward, reject or drop) the virtual server's pool configuration is used.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)