Selective Source NATing

Question

Hello,
I have one BigIP system running 9.1 on which I've deployed the following iRule to turn on source NATing based on a particular source address:when LB_SELECTED {
  if { [IP::addr [IP::remote_addr] equals ""] } {
    snat  (or automap)
  } else {                      
    snat none                   
  }                             
}
This works great. I need to duplicate this functionality in 4.5. 4.5 doesn't appear to have a snat command, but a hidden version of snatpool seems to exist. I was thinking of something like:
snatpool internal_snat_pool {
  member 1.2.3.4
}
if (client_addr ==  netmask  {
   use snatpool internal_snat_pool
}
use pool 
Does this sound reasonable? The only bummer is that It appears I'd have to have one of these rules for every virtual server, where as in 9.x I can reuse the same rule over and over.

colin_walker_12 · Answer

It looks like you're on the right track.  That should work the way you're looking for it to, provided you get the right information in there for the variables.&nbsp;
&nbsp;-Colin

tyler_lund_1130 · Answer

Thanks. 
Ran into my first snag... I tried using the internal address of the load balancer (the gateway for the pool hosts) as the snat pool address, but got the following error when loading:
./bigip.conf: "The snatpool contains an invalid member."
Under 9.x, I'm able to use the gateway IPA in a source NAT. For 4.5 should I be using a different IPA, or is my syntax for defining the snatpool incorrect? I realize this feature is unsupported in 4.x, but I'm hoping someone has done this before and can offer some hints.
This is the exact configuration used:snatpool internal_snat_pool {
  member 216.27.85.193
}
rule SNAT_Internal_Test {
   if (client_addr == 216.27.85.192 netmask 255.255.255.224) {
      use snatpool internal_snat_pool                         
   }
   use pool Test-Pool
}

martin_machacek · Answer

Tyler,&nbsp;
&nbsp;your syntax is correct. 4.5 just does not allow to use *any* self-IP as a SNAT pool member.

Forum Discussion

Selective Source NATing

3 Replies

Recent Discussions

How to add a new DNS(gtm) to the existing network?

Failed to add new DNS machine to the existing DNS sync-group

Email Notification Sent For The Configuration Change

F5 Malicious Source IP Address Alert

F5 APM Variable Assign agent

Related Content

Solving for true-source IP with global load balancers in Google Cloud

F5 XC vk8s workload with Open Source Nginx

The Power of Source Address

iControl Library For Java With Source

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap