F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Dan_Williams_25's avatar
Dan_Williams_25
Icon for Nimbostratus rankNimbostratus
Sep 19, 2005

Selective SNAT iRule

Apologize if this has already been posted.     I recently upgraded to a pair of 6400s that are running v.9.0.5. During the days of 4.5.x, I was able to utilize a "Selective SNAT" rule of sorts t...
application delivery
dev
devops
iRules
Dan_Williams_25's avatar
Dan_Williams_25
Icon for Nimbostratus rankNimbostratus
Sep 19, 2005
I appreciate the responses.

 

 

I'd like to clarify the architecture a bit.

 

 

The 10.0.35/24 network is a "node" network that lives behind the BigIP. I originally had an "automap" SNAT created with the associated 10.0.35/24 network within the origin-list and only allowed on that particular VLAN. I have a "forwarding_virtual" enabled to allow routing through the BigIP for node monitoring.

 

 

With the "automap" applied and the first rule applied to the "forwarding_virtual" connectivity begins failing, so I'd revert.

 

 

The second rule has a "not" statement and seems backwards, so I'm not sure if I want to throw that in.

 

 

I currently have this:

 

 

when CLIENT_ACCEPTED {

 

if {([IP::addr [IP::local_addr] equals "10.0.35.0/24"]) and ([IP::addr "[IP::remote_addr]" equals "216.49.80.0/20"])} {

 

use snat none

 

} else {

 

use snat

 

}

 

}

 

 

This seemed to break things as well.

 

 

I'm missing something. I was originally was using "client_addr" and "server_addr", but it has since changed to "local_addr" and "remote_addr". Is this correct.

 

 

During the 4.5.x days, there was the idea of a forwarding_pool which seems to have gone away--or has it?

 

 

Appreciate the help.

 

-dan