Forum Discussion
Jacob_Becker_41
Nimbostratus
Nimbostratusredirect by ip to pool
I'm a newbie to the irules game and I'm just wondering if its possible to redirect traffic from a ip to a pool. Basically what I want to accomplish is redirect all traffic from port 3306 to a pool, b...
hoolio
Cirrostratus
CirrostratusHello,
I'm not entirely certain what criteria you want to use to accept or reject connection requests, but hopefully these examples will get you started.
You can either defined a class to use in the rule to set which clients you want to accept/reject, or you can specify them directly in the rule. If it's more than a few items, it's probably cleaner and more efficient to use the class.
Class/Rule example:
class my_hosts_networks_class {
network 10.0.0.0 mask 255.0.0.0
host 192.168.0.100
}
rule filter_clients_rule {
when CLIENT_ACCEPTED {
if { [matchclass [IP::remote_addr] equals $::my_hosts_networks_class] and [TCP::local_port] == 3306 } {
log local0.info "accepted connection from [IP::remote_addr]"
pool http_pool
} else {
log local0.info "rejected connection from [IP::remote_addr]"
reject
}
}
}Rule example:
rule filter_clients_rule {
when CLIENT_ACCEPTED {
if { [IP::remote_addr] == 192.168.1.1 and [TCP::local_port] == 3306 } {
log local0.info "accepted connection from [IP::remote_addr]"
pool http_pool
} else {
log local0.info "rejected connection from [IP::remote_addr]"
reject
}
}
}Note that in the client_accepted context, remote_addr would be the client IP address, local_addr would be the VIP, and remote_port would be the client's source port and local_port would be the destination port.
Also, BIG-IP will translate the destination port the client makes a request to, to the node's port, if you have port translation enabled on the VIP (which is enabled by default).
Aaron
