For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eric_Van_Tol_10's avatar
Eric_Van_Tol_10
Icon for Nimbostratus rankNimbostratus
Oct 10, 2005

Selective SNAT rule

Hi all,   I am new to iRules and just implemented my first one today to resolve a problem we've been seeing with NAT. However, I need to create another one and I need to know the correct syntax to...
application delivery
dev
devops
iRules
Eric_Van_Tol_10's avatar
Eric_Van_Tol_10
Icon for Nimbostratus rankNimbostratus
Oct 10, 2005
I tried your suggestion, but that didn't work. I had to modify the 'snat disable' to be 'snat none', but that didn't work, either. Here is what I have now (using example IPs):

SiteA VIP: 192.0.2.10

SiteA Dummy VIP: 192.0.2.11

SiteB VIP: 192.0.2.24

SiteB Dummy VIP: 192.0.2.25

...


pool MB_pool {
   lb method member ratio
   member 172.19.10.11:smtp monitor smtp_10.11
   member 172.19.10.12:smtp monitor smtp_10.12
   member 172.19.10.13:smtp monitor smtp_10.13
   member 192.0.2.25:smtp monitor smtp_2.25
}
snat MB {
   translation 192.0.2.10
   origin 172.19.10.11
   origin 172.19.10.12
   origin 172.19.10.13
   vlan internal enable
}
...
when LB_SELECTED {
   if { not [IP::addr [IP::remote_addr] equals "192.0.2.25/32"]} {
     snat none
   }
   else {
     use snat 192.0.2.10
   }
}

I could not get the 'snat none' to work until negating the 'if' statement and changing the remote_addr. The 'snat none' now properly disables SNAT for anything incoming, but does not use the 192.0.2.10 SNAT address for packets chosen to go to the remote dummy VIP.