For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eric_Van_Tol_10's avatar
Eric_Van_Tol_10
Icon for Nimbostratus rankNimbostratus
Oct 10, 2005

Selective SNAT rule

Hi all,   I am new to iRules and just implemented my first one today to resolve a problem we've been seeing with NAT. However, I need to create another one and I need to know the correct syntax to...
application delivery
dev
devops
iRules
Eric_Van_Tol_10's avatar
Eric_Van_Tol_10
Icon for Nimbostratus rankNimbostratus
Oct 11, 2005
Thanks, I disabled rule validation and it lets me save the rule now. However, the rule still doesn't work. I currently have SNAT enabled at the pool level and the rule is entered as:


when LB_SELECTED {
   if {[IP::addr [IP::remote_addr] equals "172.19.10.0/24"]} {
       LB::reselect snat none
   }
}

but this does not appear to disable SNAT for incoming connections for 172.19.10.0/24. tcpdump on a 172.19.10/24 server shows connections coming from the LB (172.19.10.1) as opposed to the original IP.

You should add some logic to not reselect the snat if it has already happened once otherwise you'll create an indefinite loop (using a variable is usually easiest).

At the risk of sounding like a bonehead, how do I do this? Can you point me to some examples of this and maybe I can figure it out on my own?