François_Bégin_
Dec 06, 2005

NAT based on port

I am trying to set up *outbound* NATing based on port. We want to initiate connections from an internal box.

If the connection is on port 22, we want it NATed to 205.206.123.140.

If the connection is on port 80, we want it NATed to 205.206.123.145.

This cannot be done using the NATing functionality of the F5, but could this be done using virtual servers and iRules?

I am guessing something like this might work:

- Set internal hosts' default gateway to be the floating internal IP of the F5: 192.168.100.1
- Create a virtual server on 192.168.100.1:22. Create iRule to re-write the source IP to 205.206.123.140 then forward packets to external destination
- Create another virtual server on 192.168.100.1:80. NAT with iRule to 205.206.123.145. Forward onwards.
- Create third virtual server to listen on 205.206.123.140 to catch the return SSH traffic.
- Create fourth virtual server to listen on 205.206.123.145 to catch the return HTTP traffic.

The return traffic will not necessarily be on port 22/80 and there is a firewall in front of the F5, so I am not sure if this is a workable solution.

Any help would be appreciated.

Francois Begin

  • unRuleY_95363
    Historic F5 Account
    You should be able to accomplish this simply with 2 virtuals and a snat. No iRules necessary. Something like this:

    
    virtual ssh_snat {
       destination *:22
       snat 205.206.123.140
       forward
    }
    virtual http_snat {
       destination *:80
       snat 205.206.123.145
       forward
    }

    You would want to make sure your client's routes point at the bigip, so the traffic gets sent to the bigip and through those wildcard virtual servers.
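
The Python sketch below is an added example, not part of either post and not BIG-IP code. It models stateful source NAT selected by destination port, to show that return traffic is matched against the flow created by the outbound connection, so no listener is needed on the SNAT addresses. The client and remote addresses and the ephemeral port range are constructed, and the class and function names are hypothetical.

```python
# Port-to-SNAT mapping taken from the thread.
SNAT_BY_DST_PORT = {22: "205.206.123.140", 80: "205.206.123.145"}


class SnatGateway:
    """Simplified model of stateful source NAT keyed on destination port."""

    def __init__(self, snat_by_port, first_port=40000):
        self.snat_by_port = snat_by_port
        self.fwd = {}  # (client_ip, client_port, dst_ip, dst_port) -> (snat_ip, snat_port)
        self.rev = {}  # (dst_ip, dst_port, snat_ip, snat_port) -> (client_ip, client_port)
        self.next_port = first_port  # constructed ephemeral port range

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a client-initiated packet; return it as seen upstream."""
        snat_ip = self.snat_by_port.get(dst_port)
        if snat_ip is None:
            return None  # no wildcard virtual for this port in this model
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.fwd:
            # First packet of a flow: allocate a source port on the SNAT
            # address and record the mapping in both directions.
            self.fwd[key] = (snat_ip, self.next_port)
            self.rev[(dst_ip, dst_port, snat_ip, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        snat_ip, snat_port = self.fwd[key]
        return (snat_ip, snat_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Accept a packet addressed to a SNAT address only if it is a reply."""
        client = self.rev.get((src_ip, src_port, dst_ip, dst_port))
        if client is None:
            return None  # unsolicited traffic to the SNAT address is dropped
        return (src_ip, src_port, client[0], client[1])


if __name__ == "__main__":
    gw = SnatGateway(SNAT_BY_DST_PORT)
    # Constructed client 192.168.100.50 opening SSH to constructed host 198.51.100.7.
    print(gw.outbound("192.168.100.50", 51000, "198.51.100.7", 22))
    # The reply arrives on the allocated source port, not on port 22.
    print(gw.inbound("198.51.100.7", 22, "205.206.123.140", 40000))
    # A new connection attempt to the SNAT address matches no flow.
    print(gw.inbound("203.0.113.9", 4444, "205.206.123.140", 22))
```

In this model the firewall in front of the gateway only has to permit connections initiated from the two SNAT addresses and their replies; no inbound rule to port 22 or 80 on those addresses is required.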