selective SNAT on Forwarding VS

Question

I want to selectively SNAT on a forwarding VS based upon the IP address of the destination.  My iRule would look like the following:
when CLIENT_ACCEPTED {
   if [matchclass $$::internal_networks not equal IP destination] {
      snatpool pool_snat
   }
}
The questions I have are the following:
What is the syntax for not equal?
What structure should I use to get the IP of the destination in this case?  Is it IP::local_addr?

hoolio · Answer

Hi,
You can use not or ! to negate the comparison.  I'm pretty sure you need to wrap the test in parens.  And yes, IP::local_addr in the clientside context will be the destination IP.
when CLIENT_ACCEPTED {
   if {not ([matchclass $::internal_networks equals [IP::local_addr])}{
      snatpool pool_snat
   }
}
Aaron

patrick_chang_7 · Answer

Thanks

techgeeeg · Answer

I need a little bit of explanation what the above irule is doing. What I have understood is the following,&nbsp;

There is an address object "internal_networks" created under irule with the internal subnet defined.&nbsp;

The irule compares this subnet to the request coming to this VS and if it does not matches then it sends the connection from outbound_snat snat address pool. but if it matches what will happen then??

Forum Discussion

selective SNAT on Forwarding VS

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Selective SNAT

Selective SNAT with iRules

iRules Recipe 3: Pool and SNAT Selection by Host Header Value

SNAT pool persistence

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS