NAT Irule

Question

I have a client that wants to do the following…  The "had" this functionality in some alteons that we replaced.  Not sure of how to write this irule up, looking for some guidance from the experts!!  TIA   &nbsp;
&nbsp;From the client....&nbsp;
&nbsp; &nbsp;
&nbsp;"I want to NAT an entire network one-to-one without setting up each individual IPs.  &nbsp;
&nbsp; &nbsp;
&nbsp;Example, someone types in telnet 11.5.110.x which routes to the F5 BigIP.  BigIP NATs that to 10.5.110.x where x can be any valid host on the network."&nbsp;&nbsp;

hoolio · Answer

You can test how to get the last octet of the destination IP with something like this:
when RULE_INIT {
   set ::translated_ip_prefix "1.2.3."
   set destination_ip 10.20.30.40
   set last_octet [getfield $destination_ip "." 4]
   set translated_ip $::translated_ip_prefix$last_octet
   log local0. "\$translated_ip: $translated_ip"
}
(logs: $translated_ip: 1.2.3.40)
You could then use a rule like this on a fastL4 network VIP:
when RULE_INIT {
   set ::translated_ip_prefix "10.20.30."
}
when CLIENT_ACCEPTED {
   node $::translated_ip_prefix[getfield [IP::local_addr] "." 4] [TCP::local_port]
   log local0. "Translated IP: $::translated_ip_prefix[getfield [IP::local_addr] "." 4] [TCP::local_port]"
}
I didn't test this, but it passed a syntax check.
Aaron

brad_wood_7735 · Answer

Thanks!!  I have gotten your suggestions over to the client.  Great Idea!!!  I'll post up the final irule when we get it complete.&nbsp;
&nbsp;  Brad

Forum Discussion

NAT Irule

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

BIG-IP AFM設定例-NAT

NAT for specific IPs

Hey DeepSeek, can you write iRules?

iRules Style Guide

Bulk Nat Creation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS