Selective SNAT problem
I have a node in a pool trying to reach a virtual server that references the same pool. Using the code below does work with one caveat: the node in the pool can only reach itself.
If the service on the node is disabled, the connection won't get made.
Basically I need it to load balance between the other nodes in the pool in case the service on the node gets compromised. Here is where I pulled the general code.
Specifically, this portion:
"And another option for using SNAT only if the client IP is a node in the pool:

when CLIENT_ACCEPTED {
    # Check if the client IP address is a node in the VIP's default pool
    if {[matchclass [IP::client_addr] equals [active_nodes -list [LB::server pool]]]} {
        log local0. "SNAT'ing for [IP::client_addr], member of pool [LB::server pool]"
        snat automap
    }
}"
Thanks!
- DevBabuCirrus
Let's take a packet capture.
tcpdump -ni 0.0:nnnp -s0 -w /var/tmp/snat.pcap host -vvv
- blahblahdab1ah_Nimbostratus
This is the version that worked in this scenario:
when LB_SELECTED {
Thanks for the help!