Port translation for outbound with port range

Question

I have created a wildcard VS for routing and I am trying to create an Irule which will SNAT the connection for outbound traffic with source port change to random port that unused in a specific port range, example:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.1.1.100/32] }{
  snat 192.168.1.100 (5000 -&gt; 5999) || I need source 10.1.1.100:X change to 192.168.1.100:5XXX

}
}
I don't know Is there any way to done this and hope your helps!
Thanks so much,
Jose

leonardo_souza · Answer

Based in the snat command documentation, it just accepts one port:
https://devcentral.f5.com/wiki/irules.snat.ashx&nbsp;
You need to keep track of the port used, saving the information to the persistence table.
For a new connection you assign the port, and save the port in the persistence table.
When the connection is finished (CLIENT_CLOSED event), you need to delete the table entry.
You also need to write the logic to check for next available port in the range, maybe having a global variable with an index that you increment (and return to the beginning when reach the higest number), and check that does not exit yet in the persistence table.&nbsp;
Have a look in this link about the persistence table:
https://devcentral.f5.com/articles/irules-101-12-the-session-command&nbsp;

Forum Discussion

Port translation for outbound with port range

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

Related Content

Radware config translation

GTM Translation

SSL Orchestrator Advanced Use Cases: Outbound SNAT Persistence

OCSP through an outbound explicit proxy

Network Translations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS