Forum Discussion

Technological_S
Sep 25, 2007

NAT or SNAT Problem

Hi all,

I need to generate an iRule for dynamic NAT or SNAT for outbound traffic from my internal VLAN (where the servers are connected), based on destination address.

When the server starts a connection to the backoffice, NAT or SNAT is not necessary; the connection is made with the original IP address. And when the server starts a connection to the Internet, the IP changes to a public IP address.

I created the following iRule:

when CLIENT_ACCEPTED {
    # Log both ends of the client-side connection before any decision is made
    log local0. "local--> [IP::local_addr] :remote->:[IP::remote_addr]"

    # Outer tests classify the source (remote) address; inner tests look at
    # the destination (local) address to choose forward, snat or snatpool.
    if { [matchclass [IP::remote_addr] equals $::tc_pat_hosts] } {
        log local0. "opcion1"
        if { [matchclass [IP::local_addr] equals $::tc_pat_backoffice] } {
            # Destination is in the backoffice class: no translation
            forward
        } elseif { [IP::addr [IP::local_addr] equals 212.89.6.193] } {
            snat 192.168.106.254
        } else {
            snatpool PAT_SNAT_INTERNET
        }
    } elseif { [matchclass [IP::remote_addr] equals $::tc_mmsc_hosts] } {
        log local0. "opcion2"
        if { [matchclass [IP::local_addr] equals $::tc_mmsc_backoffice] } {
            forward
        } else {
            snatpool MMSC_SNAT_INTERNET
        }
    } elseif { [matchclass [IP::remote_addr] equals $::tc_web_hosts] } {
        log local0. "opcion3"
        if { [matchclass [IP::local_addr] equals $::tc_web_backoffice] } {
            forward
        } else {
            # No action was given for this branch in the post
        }
    } elseif { [matchclass [IP::remote_addr] equals $::tc_pre_web_hosts] } {
        log local0. "opcion4"
        if { [matchclass [IP::local_addr] equals $::tc_web_backoffice] } {
            forward
            log local0. "forward"
        } else {
            log local0. "else opcion 4"
        }
    } else {
        forward
    }

    log local0. "local--> [IP::local_addr] :remoto-->:[IP::remote_addr]"
}

But I found that when I apply the SNAT in the iRule it is not in the correct position: the SNAT applies to IP::local_addr, and I would like the SNAT or NAT to apply to IP::client_addr.

Is it necessary to change the event? Or is it necessary to use another function like snat?
  • Colin_Walker_12
    Historic F5 Account
    I'm not sure I understand your question. What do you mean it's applying to IP::local_addr? You're specifying a SNAT address, so I'm a little confused as to what you mean. Could you try to clarify a bit what you're trying to achieve versus what this rule is accomplishing?

    Thanks,
    Colin