Forum Discussion
Kraig_52305 (Nimbostratus), Jul 29, 2009
NAT Pool Servers Outbound Internet Traffic
I have a Microsoft OCS server in a DMZ that normally just has inbound connections and replies back. VIP 1.1.1.1 and two pool servers 172.16.1.1 and 172.16.1.2. The problem that I have is that I need to NAT the 172.16.1. addresses when they build a connection out to the internet. Right now the real server IP is being used, which would not be routable on the internet.
I was hoping that I could come up with an iRule that would NAT certain IPs (internet addresses) and not NAT my internal address space.
Any suggestions how to handle this?
- The_Bhattman (Nimbostratus): You could create a 0.0.0.0:0 wildcard forwarding virtual server, create a snatpool that contains the possible public IP addresses that 172.16.1.x can use, and apply this iRule to the wildcard forwarding virtual server.

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::remote_addr] equals 172.16.1.0/255.255.255.0] } {
            snatpool internet_nat
        }
    }

- harshpal_35434 (Nimbostratus): Can't we enable the outbound NAT without the iRule?
- nitass (Employee): "Can't we enable the outbound NAT without the iRule?" You can use a SNAT object as well. Anyway, a wildcard virtual server with an iRule may give you more granular control.

    [root@ve1023:Active] config # b snat outbound_snat list
    snat outbound_snat {
       translation 1.2.3.4
       origins 172.16.1.0/24
       vlans dmz enable
    }

- harshpal_35434 (Nimbostratus): Thanks Nitass,
- harshpal_35434 (Nimbostratus): Nitass,
- nitass (Employee): "can access the internet from Server but I do see that I can't ping 4.2.2.2 or any other internet IP. I understand it is because of the property of SNAT, as it does port translation. Correct me if I am wrong." There is a setting named "snat packet forwarding" at System > Configuration > Local Traffic > General.
- harshpal_35434 (Nimbostratus): Thanks a lot all, this worked for me. Awesome concept and top technology.
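
An added example, not posted by anyone in the thread: a variant of the iRule above that applies the SNAT pool only when the DMZ servers connect to non-internal destinations, which is what the original question asked for. The RFC 1918 ranges used as "internal address space" and the final `reject` for any other source are assumptions; `internet_nat` is the snatpool name from the reply above.

```tcl
when CLIENT_ACCEPTED {
    # On a 0.0.0.0:0 forwarding virtual server, IP::remote_addr is the
    # connection's source and IP::local_addr is the destination it asked for.
    if { [IP::addr [IP::remote_addr] equals 172.16.1.0/255.255.255.0] } {
        if { [IP::addr [IP::local_addr] equals 10.0.0.0/255.0.0.0] ||
             [IP::addr [IP::local_addr] equals 172.16.0.0/255.240.0.0] ||
             [IP::addr [IP::local_addr] equals 192.168.0.0/255.255.0.0] } {
            # Assumed internal space (RFC 1918): keep the real source address.
            snat none
        } else {
            # Internet-bound: translate to an address from the SNAT pool.
            snatpool internet_nat
        }
    } else {
        # Assumption: only the OCS pool members may use this wildcard
        # virtual server, so it does not act as an open forwarder.
        reject
    }
}
```

Enabling the wildcard virtual server only on the DMZ VLAN, as the SNAT object in the thread does with `vlans dmz enable`, limits which interfaces can reach it at all.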