junglefox_13333
Sep 10, 2013

Plz help! Why is my irules not working

Hi every f5ers! My company owns several IPs and I want to allocate one (ex 6.6.6.6) for visiting a website (with a static IP, ex 8.8.8.8) instead of using the selfip of our F5 LTM. I wrote an iRule as below and associated it with the outbound virtual server, for which I defined the destination address as 0.0.0.0. When I visit the website, my outgoing IP was still the selfip. Is my iRule wrong? How do I correct it? Many thanks to everyone that offers help.

 

Here is my irule:

    when LB_SELECTED {
        if {[IP::addr [LB::server addr] equals 8.8.8.8] } {
            snat 6.6.6.6
        } else {
            snat automap
        }
    }

 

 

8 Replies

  • hoolio

    That looks okay to me. Can you add some logging, retest and check /var/log/ltm for the log output?

     

    when CLIENT_ACCEPTED {
       log local0. "[IP::client_addr]:[TCP::client_port]: Connected=[IP::local_addr]:[TCP::local_port] [virtual name]"
    }
    when LB_SELECTED {
       if {[IP::addr [LB::server addr] equals 8.8.8.8] } {
          snat 6.6.6.6 
          log local0. "[IP::client_addr]:[TCP::client_port]: Selected=[LB::server], SNAT=[LB::snat], matched=8.8.8.8"
       } else {
          snat automap
          log local0. "[IP::client_addr]:[TCP::client_port]: Selected=[LB::server], SNAT=[LB::snat], not matched=8.8.8.8"
       }
    }
    

     

    Aaron

     

  • Thanks Aaron! I tried your suggestion, modified my iRule and I found nothing in the gtm log. Instead I found something in /var/log/ltm. Would these be helpful?

     

    [link text](https://devcentral.f5.com/Portals/0/Users/214/34/133334/my test irule.jpg)

     

    [link text](https://devcentral.f5.com/Portals/0/Users/214/34/133334/ltm log.jpg)

     

  • iRule logging is usually in /var/log/ltm, so that is logical. Next time try to capture all of the logging, but it does show you never match your if {[IP::addr [LB::server addr] equals 8.8.8.8] }, so apparently you never go to 8.8.8.8.

     

  • According to Aaron's sample code the log events should show up in /var/log/ltm (log facility local0.).

    I'm wondering if you are trying to apply address translation to the traffic to forward.

    At least your virtual server is in PerformanceL4 mode. And probably you have a pool assigned, don't you? Is it a default_gateway_pool?

    If there is no pool, you cannot expect the LB_SELECTED event to be triggered and nothing will show up in /var/log/ltm.

    Did you change the NAT and Port translation settings in your virtual server properties?

    Can you provide the output of the following, please:

     

    tmsh list ltm virtual VS_outbound

     

     

  • According to the current VS configuration you still have SNAT AutoMap enabled.

    Perhaps this overrules the iRule ...

     

    tmsh modify ltm virtual VS_outbound snat none  
    tmsh save sys config  
    tmsh run cm config-sync to-group device-group-failover
    

     

    The command above removes the SNAT from your virtual server and the iRule should work as expected.

  • Did you apply logging as recommended by Aaron?

    To monitor the ongoing log output to the LTM log facility you can use:

     

    tail -f /var/log/ltm

     

    Does TCPDUMP still show a self IP (SNAT AutoMap) or does the iRule work and the alternative address is chosen?

    Perhaps this part is already working, but the BIG-IP does not respond to related ARPs from your router which wants to deliver the reply to the new SNAT address.

    Please keep in mind that changes to your configuration and iRules will apply in the context of a new connection only. In the context of an already existing connection, the previous configuration will always be used.

  • Please change your iRule as follows:

     

    [IP::addr [LB::server addr] equals 202.215.132.119]

     

    into:

     

    [IP::addr [IP::local_addr] equals 202.215.132.119]

     

    The function [IP::local_addr] in the clientside context will evaluate the destination IP:

     

    when CLIENT_ACCEPTED { 
        log local0. "[IP::client_addr]:[TCP::client_port]: Connected=[IP::local_addr]:[TCP::local_port] [virtual name]"
        if {[IP::addr [IP::local_addr] equals 202.215.132.119] } { 
            snat 124.232.132.94 
            log local0. "[IP::client_addr]:[TCP::client_port], matched=202.215.132.119" 
        } else { 
            snat automap 
            log local0. "[IP::client_addr]:[TCP::client_port], not matched=202.215.132.119" 
        } 
    } 
    

     

  • That works! My IP displayed as I want after I modified the iRule. Thank you so much Stephan!
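
Added example (not part of the original thread, and not any poster's code): the working fix above, generalized so that several destinations can each be given their own SNAT address from a data group instead of a hard-coded `if`. The data group name `dg_outbound_snat` and its contents are hypothetical; the 8.8.8.8 and 6.6.6.6 entries reuse the placeholder addresses from the question.

```tcl
# Assumed data group (hypothetical name and contents), type "ip":
#   ltm data-group internal dg_outbound_snat {
#       records {
#           8.8.8.8/32 { data 6.6.6.6 }
#       }
#       type ip
#   }
when CLIENT_ACCEPTED {
    # On a wildcard (0.0.0.0) virtual server the clientside local address
    # is the destination the client is actually connecting to, so the
    # decision can be made here without waiting for LB_SELECTED.
    set dst [IP::local_addr]

    # For an ip-type data group, "equals" matches host and network records.
    # -value returns the matching record's data, or "" when nothing matches.
    set snat_ip [class match -value $dst equals dg_outbound_snat]

    # Ports are left out of the log lines so the rule does not depend on
    # the virtual server's protocol.
    if { $snat_ip ne "" } {
        snat $snat_ip
        log local0. "[IP::client_addr] -> $dst SNAT=$snat_ip (dg_outbound_snat match)"
    } else {
        snat automap
        log local0. "[IP::client_addr] -> $dst SNAT=automap (no data group match)"
    }
}
```

As noted in the thread, only new connections pick up a changed iRule, so retest with a fresh connection while watching `tail -f /var/log/ltm`.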