Forum Discussion
spalande
Nacreous
Sep 23, 2013Need help for iRule
Need help on iRule for mapping private IP hosted on GTM (A record) to public IP (owned by customer DMZ).
eg. 192.168.4.242 is the private IP hosted on GTM, while sending DNS response need to map...
StephanManthey
Nacreous
Sep 24, 2013The iRule would require a data-group, i.e.:
ltm data-group internal dg_internal_external {
records {
10.131.131.125/32 {
data 10.141.141.125
}
10.131.131.126/32 {
data 10.141.141.126
}
}
type ip
}
An LTM (!) iRule to translate a response would look as follows:
when DNS_RESPONSE {
foreach item [DNS::answer] {
if {[DNS::type $item] eq "A"} {
log local0. "[DNS::rdata $item]"
log local0. "[DNS::type $item]"
log local0. "[class match -value [DNS::rdata $item] equals dg_internal_external]"
DNS::rdata $item [class match -value [DNS::rdata $item] equals dg_internal_external]
} else {
log local0. "[DNS::type $item]"
}
}
}
The iRule will be associated with your GMT listener (as well in the LTM context):
modify ltm virtual vs_10_131_131_53_53_gtm rules { rule_modify_dns_response }
Now the translation should work as I just tested:
host -t A test.lb-net.bit 10.131.131.53
Using domain server:
Name: 10.131.131.53
Address: 10.131.131.5353
Aliases:
test.lb-net.bit has address 10.141.141.126
host -t A test.lb-net.bit 10.131.131.53
Using domain server:
Name: 10.131.131.53
Address: 10.131.131.5353
Aliases:
test.lb-net.bit has address 10.141.141.125
You may want to use the iRule editor to craft the data-group and to assign it to the listener. This would be required with a plain GTM license.
Make sure to build your iRule in the LTM context. It sounds a bit odd, but the GTM listener is an object in the LTM context.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects