Selective SNAT problem
I have a node in a pool trying to reach a virtual server that references the same pool. Using the code below does work with one caveat: the node in the pool can only reach itself.
If the service on the node is disabled, the connection won't get made.
Basically I need it to load balance between the other nodes in the pool in case the service on the node gets compromised. Here is where I pulled the general code.
Specifically, this portion:
" And another option for using SNAT only if the client IP is a node in the pool:
when CLIENT_ACCEPTED {
   # Check if the client IP address is a node in the VIP's default pool
   if {[matchclass [IP::client_addr] equals [active_nodes -list [LB::server pool]]]} {
      log local0. "SNAT'ing for [IP::client_addr], member of pool [LB::server pool]"
      snat automap
   }
}"
Thanks!
This is the version that worked in this scenario:
when LB_SELECTED {
Thanks for the help!