Forum Discussion

Damien_Turner_1
Oct 30, 2008

Multiple Email Server with static Addresses

Hi all, I'm new to iRules and have become stuck!

I have 3 email servers and each has its own incoming VIP, but I need to make sure that when one of these email servers sends a mail it gets sent out of that mail server's incoming address (need this so mail servers like yahoo.com and AOL.com will see the correct PTR).

NATs and SNATs don't work because the default gateway pool filters the request first and sends the mail out of the floating address, so my iRule looks like this....

    # Expertly written by Mark and Damien October 2008
    # This iRule forwards mail to a pool depending on what the
    # source address is, if there is no matching source address the connection
    # will be passed to the default pool (mail_62.254.236.254).

    when CLIENT_ACCEPTED {
        if { [IP::client_addr] equals "192.168.0.41" } {
            pool mail_213.106.234.254
            log local0. "Valid client IP: [IP::client_addr] - StrongMailVIP1"
        } elseif { [IP::client_addr] equals "192.168.0.42" } {
            pool mail_213.106.234.254
            log local0. "Valid client IP: [IP::client_addr] - StrongMailVIP2"
        } elseif { [IP::client_addr] equals "192.168.0.43" } {
            pool mail_213.106.234.254
            log local0. "Valid client IP: [IP::client_addr] - StrongMailBox1"
        } elseif { [IP::client_addr] equals "192.168.0.44" } {
            pool mail_213.106.234.254
            log local0. "Valid client IP: [IP::client_addr] - StrongMailBox2"
        } elseif { [IP::client_addr] equals "192.168.0.5" } {
            pool mail_62.254.236.254
            log local0. "Valid client IP: [IP::client_addr] - Cobalt1"
        } else {
            log local0. "Valid client IP: [IP::client_addr] - OtherMail"
            pool mail_62.254.236.254
        }
    }

This iRule does work, but when it is running any host not listed cannot send any mail. I need it to be sent out of my pool mail_62.254.236.254, which doesn't seem to be working.

Please could someone guide me to the correct path?

Regards

Damien
  • hoolio
    Hi Damien,

    You could define one datagroup (called a class in the bigip.conf) for each pool, of type 'address', where you define the valid client IP addresses which should use that pool. You could then check the client IP address against the datagroups.

    You would define the datagroup outside the rule (under Local Traffic >> iRules >> Datagroup tab). The definition in the bigip.conf would look like this:

     class mail_10.0.0.1_clients {
        network 192.168.1.0/24
        host 192.168.20.1
     }

     class mail_10.20.0.1_clients {
        network 192.168.2.0/24
        host 192.168.40.1
     }

    The rule would look like this:

     when CLIENT_ACCEPTED {

        # The class names contain dots, so the variable names are wrapped in ${...}
        # Check if client is part of the first datagroup
        if { [matchclass [IP::client_addr] equals ${::mail_10.0.0.1_clients}] } {

           # Client matched first datagroup so use the corresponding pool
           pool mail_10.0.0.1_pool

        } elseif { [matchclass [IP::client_addr] equals ${::mail_10.20.0.1_clients}] } {

           # Client matched second datagroup so use the corresponding pool
           pool mail_10.20.0.1_pool

        } else {

           # Take some default action?
           pool default_pool
        }
     }

    Aaron
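
An offline way to check which pool a given client address would hit under the datagroup rule in the reply above, before loading it on the BIG-IP. This is an added Python model, not code from the thread or from F5; it parses only the `network` and `host` lines shown, and takes the first-match order and pool names from the rule as posted.

```python
import ipaddress
import re

# Constructed input: the two class definitions quoted in the reply above.
BIGIP_CONF = """
class mail_10.0.0.1_clients {
   network 192.168.1.0/24
   host 192.168.20.1
}
class mail_10.20.0.1_clients {
   network 192.168.2.0/24
   host 192.168.40.1
}
"""

# Datagroup -> pool, in the order the rule tests them (first match wins).
RULE_ORDER = [
    ("mail_10.0.0.1_clients", "mail_10.0.0.1_pool"),
    ("mail_10.20.0.1_clients", "mail_10.20.0.1_pool"),
]
DEFAULT_POOL = "default_pool"

CLASS_RE = re.compile(r"class\s+(\S+)\s*\{([^}]*)\}")
ENTRY_RE = re.compile(r"\b(network|host)\s+(\S+)")

def parse_classes(text):
    """Return {class_name: [ip_network, ...]}; a host entry becomes a /32."""
    classes = {}
    for name, body in CLASS_RE.findall(text):
        # strict=True rejects a 'network' line that has host bits set.
        classes[name] = [ipaddress.ip_network(value, strict=True)
                         for _kind, value in ENTRY_RE.findall(body)]
    return classes

def select_pool(client_ip, classes):
    """Mirror the if/elseif/else chain: first matching datagroup decides."""
    addr = ipaddress.ip_address(client_ip)
    for class_name, pool in RULE_ORDER:
        if any(addr in net for net in classes.get(class_name, [])):
            return pool
    return DEFAULT_POOL

def shadowed_pairs(classes):
    """Datagroup pairs with overlapping entries (the later one never wins there)."""
    names = [name for name, _pool in RULE_ORDER]
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if any(x.overlaps(y)
                   for x in classes.get(a, []) for y in classes.get(b, []))]
```
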
  • Hi, thank you for responding. I have sorted the issue now. It was due to the SNAT pool getting confused, as a NAT was in place for one but not the other; by changing the else to a SNAT_POOL rather than a pool it fixed the problem.
  • So it now looks like this.... (Have removed some of the hosts)
     # Expertly written by Mark and Damien October 2008 V1.3
     # This iRule forwards mail to a pool depending on what the
     # source address is, if there is no matching source address the connection
     # will be passed to the default pool (mail_62.254.236.254).

     when CLIENT_ACCEPTED {
        if { [IP::client_addr] equals "192.168.0.41" } {
           pool mail_213.106.234.254
           # Uncomment the line below to turn on logging.
           # log local0. "Valid client IP: [IP::client_addr] - StrongMailVIP1"
        } elseif { [IP::client_addr] equals "192.168.0.42" } {
           pool mail_213.106.234.254
           # Uncomment the line below to turn on logging.
           # log local0. "Valid client IP: [IP::client_addr] - StrongMailVIP2"
        } elseif { [IP::client_addr] equals "192.168.0.5" } {
           pool mail_62.254.236.254
           # Uncomment the line below to turn on logging.
           # log local0. "Valid client IP: [IP::client_addr] - Cobalt1"
        } else {
           snatpool OtherMailServers
           # Uncomment the line below to turn on logging.
           # log local0. "Valid client IP: [IP::client_addr] - OtherMailServers"
        }
     }

    This now works like a dream!
  • hoolio
    Glad you got it working. It would be more efficient to use IP::addr to compare the client IP address against the criteria for selecting a pool versus a string comparison:

     if { [IP::addr [IP::client_addr] equals 192.168.0.41] } {
     ...

    Aaron