Forum Discussion

Nimbostratus

Dec 17, 2012

Need help with a SNAT iRule

So I have an iRule which will effectively SNAT everything to the VIP address, but I need to modify it to ONLY SNAT traffic where the source subnet is the same as the destination subnet. Any help here...

Cirrostratus

Dec 17, 2012

Here's a tidbit I got from dev:

You only need to convert one side to be a network and then it will mask both with that same network mask to see if it’s on the same network. So, either of these should be sufficient:

[IP::addr [IP::addr [IP::client_addr] mask 255.255.255.0] equals [LB::server addr]]

[IP::addr [IP::client_addr] equals [IP::addr [LB::server addr] mask 255.255.255.0]]

It would be nice to add an option to IP::addr for a mask to apply. As in:

[IP::addr –prefixlen 24 [IP::client_addr] equals [LB::server addr]]

[IP::addr –mask 255.255.255.0 [IP::client_addr] equals [LB::server addr]]

There's a request for enhancement for an option like the last two:

BZ376898: RFE improve IP::addr command to allow for simpler subnet comparison using prefixes

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)