F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Elias_O_16228's avatar
Elias_O_16228
Icon for Nimbostratus rankNimbostratus
Jan 13, 2017

Need help with irule to SNAT only server initiated traffic, but don't SNAT clients traffic

Want to SNAT internally originated traffic going to specific URLs, all other traffic are not to be SNAT'ed. i.e All clients requests, do not SNAT, but servers initiated traffic to for instance, , and should be SNAT'ed through default gateway interface.

 

The SNAT will use the same pool (client_pool) but not same VS.

 

The clients traffic VS = 10.2.2.2 (VLAN 2)

 

default gateway 10.2.5.1 (Vlan 5) interface 2.2

 

Should I use switch or string match without impacting clients request?

 

For instance, when HTTP_REQUEST { switch -glob [HTTP::uri] { "/" { Exact match for / HTTP::redirect "; } "/custom" { URI starts with /custom HTTP::redirect "HTTP::uri" } "abc1.com" - "cabd1.com" - "utss1.com" - pool client_pool }

 

application delivery
iRules
LTM
security

2 Replies

  • Elias_O_16228's avatar
    Elias_O_16228
    Icon for Nimbostratus rankNimbostratus
    Jan 13, 2017

    Clarification - there is separate Pool for the SNAT egress traffic because the client traffic is HTTPS while the outgoing traffic is HTTP.

     

    SNAT-POOL (translated to VS IP - 10.2.5.15) VS --10.2.5.15

     

    I am thinking I could do this without irule.

     

  • Leonardo_Souza's avatar
    Leonardo_Souza
    Icon for Cirrocumulus rankCirrocumulus
    Jan 13, 2017

    I dont think you need irule for that. You said there is 2 virtual servers, so apply snat pool to one virtual server, and dont apply snat in the other one.

     

    If that is not the case, please provide a little bit more information, virtual servers, snats, server and client networks. I can then provide you more options.