RiD
Feb 02, 2024

NAT traffic initiated by F5

Hello,

 

I have a question regarding F5 (without AFM).

The equipment is configured with an interface in 192.168.0.0/16 and we would like to NAT the traffic initiated by the equipment and coming out of the interface. Is it possible?

 

Thanks.

  • Hi RiD, I'm not sure if this is supported on BIG-IP, so I'd run it by support first, but iptables totally supports that functionality, and the host OS (CentOS) has it in use for BIG-IP purposes. Take a look at /etc/sysconfig/iptables.default for the active rules. For an idea of what you're looking to do, you might need something like the below, assuming your management interface IP address is 192.168.1.5 and you want all outbound traffic to instead be mapped to 192.168.1.100.

    Again, this is just an idea of what is possible on CentOS, not a tacit endorsement that this is supported.

     

    iptables -t nat -A POSTROUTING -o mgmt -s 192.168.1.5 -p all -j SNAT --to 192.168.1.100
    
    • RiD

      Hi JRahm,

      Oh, I see, that's sad. We would like to make it simple, so we're probably going to opt for NAT behind a firewall or something similar.

      Thanks!
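
To confirm what the nat table actually rewrites before and after adding a rule like the one in the answer above, this added example (not part of the original thread and not F5 code) parses an `iptables-save`-style dump and lists every POSTROUTING source-NAT rule. The sample dump, its `eth1` rule and the function names are constructed for illustration; on a live host the input would be the output of `iptables-save -t nat`.

```shell
#!/usr/bin/env bash
# Added example: audit source-NAT rules in an iptables-save style dump.

# Constructed sample dump (not taken from a real BIG-IP).
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i mgmt -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.5/32 -o mgmt -j SNAT --to-source 192.168.1.100
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# Reads a dump on stdin; prints "<out-iface> <source> <translated-to>"
# for each SNAT or MASQUERADE rule in the nat table's POSTROUTING chain.
list_snat_rules() {
  awk '
    /^\*/ { in_nat = ($1 == "*nat") }   # table header: track current table
    in_nat && $1 == "-A" && $2 == "POSTROUTING" {
      oif = "any"; src = "any"; to = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-o") oif = $(i + 1)
        else if ($i == "-s") src = ($(i - 1) == "!" ? "!" : "") $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-source" || $i == "--to") to = $(i + 1)
      }
      if (target == "SNAT") print oif, src, to
      else if (target == "MASQUERADE") print oif, src, "masquerade"
    }
  '
}

# Succeeds only if traffic from SOURCE leaving IFACE is rewritten to EXPECTED.
# usage: has_snat IFACE SOURCE EXPECTED < dump
has_snat() {
  list_snat_rules | grep -qxF -- "$1 $2 $3"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_DUMP" | list_snat_rules
```

A rule reported with source `any` rewrites every packet leaving that interface, which is worth catching before it changes the source address seen by logging or monitoring systems downstream.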