Selective SNAT problem

Question

I have a node in a pool trying to reach a virtual server that references the same pool. Using the code below does work with one caveat: the node in the pool can only reach itself.&nbsp;If the service on the node is disabled, the connection wont get made.&nbsp;Basically I need it to load balance between the other nodes in the pool in case the service on the node gets compromised. Here is where I pulled the general code.&nbsp;Specifically, this portion:&nbsp;" And another option for using SNAT only if the client IP is a node in the pool:&nbsp;when CLIENT_ACCEPTED { Check if the client IP address is a node in the VIP's default pool if {[matchclass [IP::client_addr] equals [active_nodes -list [LB::server pool]]]}{&nbsp;  log local0. "SNAT'ing for [IP::client_addr], member of pool [LB::server pool]"
  snat automap} }"&nbsp;Thanks!&nbsp;

blahblahdab1ah_ · Accepted Answer

This is the version that worked in this scenario: &nbsp;
when LB_SELECTED {&nbsp;
   if {[IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"]} {&nbsp;
      snat automap 
   }
}&nbsp;
Thanks for the help!&nbsp;

Forum Discussion

Selective SNAT problem

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Selective SNAT with iRules

iRules Recipe 3: Pool and SNAT Selection by Host Header Value

SNAT IP address logging

Source_Addr Persistence Problems

SNAT statistics and iRule for selecting SNAT IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS