Forum Discussion
pedinopa_170325
Nimbostratus
Nimbostratusneed a SNAT rule
I created a VIP on my LTM (ip is x.x.x.x) and it will forwared traffic to remote webservers (IP's are in different subnets). I need a SNAT or NAT that will make all traffic destined for these remote systems to be from a single IP. Is it possible to do this with an irule? If so can someone help?
6 Replies
arpydaysdo you have multiple server-side vlans configured on the F5 for each web server network or do you have a single egress vlan that routes to the web server networks?
pedinopa_170325Single egress clan that routes to the various vlans- arpydays
OK, so you can either use snat automap which will use the egress vlan selfip or use a snatpool and set the IP address to the one that you want. in both cases traffic from the VIP to the web servers will be sourced from the snat IP. Snat translation is applied on the VSs.
Samir_Jha_52506Noctilucent
I agree with arpydays suggestion. This can be achieved via irule also but i will recommended to go through SNAT automap/Pool. But still you wanted iRule. Please find below.
when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals VIP/32] }{ snat 192.168.20.10 } }- pedinopa_170325I tried using automap and a snat pool neither worked. I talked with F5 support and because the webservers are not on the same vlan as the f5 the automap wont work and from what I tried with a snat pool that did not work. Would a intelligent snat work better if so how dow I go about writing one?
- arpydaysIf it doesn't work with SNAT pool/automap then using an rule shouldn't make any difference. I may not fully understand your topology but if you have a single egress vlan then it should work as long as you have a route back to the F5 Snat Automap/pool IP address from the web server subnets. I would try a tcpdump as well to see if any traffic is making it to/from the server; tcpdump -nn -i egress_vlan host webserver_ip
