Forum Discussion

Tyler_Lund_1130
Jan 18, 2006

Selective Source NATing

Hello,

I have one BigIP system running 9.1 on which I've deployed the following iRule to turn on source NATing based on a particular source address:

when LB_SELECTED {
  if { [IP::addr [IP::remote_addr] equals ""] } {
    snat  (or automap)
  } else {
    snat none
  }
}

This works great. I need to duplicate this functionality in 4.5. 4.5 doesn't appear to have a snat command, but a hidden version of snatpool seems to exist. I was thinking of something like:

snatpool internal_snat_pool {
  member 1.2.3.4
}
if (client_addr ==  netmask ) {
   use snatpool internal_snat_pool
}
use pool 

Does this sound reasonable? The only bummer is that it appears I'd have to have one of these rules for every virtual server, whereas in 9.x I can reuse the same rule over and over.
  • Colin_Walker_12
    Historic F5 Account
    It looks like you're on the right track. That should work the way you're looking for it to, provided you get the right information in there for the variables.
    -Colin
  • Thanks.

    Ran into my first snag... I tried using the internal address of the load balancer (the gateway for the pool hosts) as the snat pool address, but got the following error when loading:

    ./bigip.conf: "The snatpool contains an invalid member."

    Under 9.x, I'm able to use the gateway IPA in a source NAT. For 4.5 should I be using a different IPA, or is my syntax for defining the snatpool incorrect? I realize this feature is unsupported in 4.x, but I'm hoping someone has done this before and can offer some hints.

    This is the exact configuration used:

    snatpool internal_snat_pool {
      member 216.27.85.193
    }
    rule SNAT_Internal_Test {
       if (client_addr == 216.27.85.192 netmask 255.255.255.224) {
          use snatpool internal_snat_pool                         
       }
       use pool Test-Pool
    }
  • Martin_Machacek
    Historic F5 Account
    Tyler,
    your syntax is correct. 4.5 just does not allow using *any* self-IP as a SNAT pool member.
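To make the two points of this thread concrete, here is an added Python model (not BIG-IP code and not from any poster) of the selective-SNAT decision and of the 4.5 load-time rule that a SNAT pool member may not be a self-IP. The subnet and pool member are the ones quoted above; the self-IP list and the sample client addresses are constructed for the demonstration.

```python
import ipaddress

# Values from the thread: clients in 216.27.85.192/27 get source-NATed,
# the pool member is the .193 gateway address.
INTERNAL_NET = ipaddress.ip_network("216.27.85.192/255.255.255.224")
SNAT_POOLS = {"internal_snat_pool": ["216.27.85.193"]}

# Constructed: self-IPs configured on the unit (the .193 gateway is one).
SELF_IPS = {"216.27.85.193", "10.0.0.1"}


def validate_snatpool(name, self_ips=SELF_IPS):
    """Mimic the 4.5 config-load check: every member must be a valid IP
    and must not be a self-IP. Returns a list of error strings (empty = ok)."""
    errors = []
    for member in SNAT_POOLS[name]:
        try:
            addr = ipaddress.ip_address(member)
        except ValueError:
            errors.append(f'snatpool {name}: "{member}" is not an IP address')
            continue
        if str(addr) in self_ips:
            errors.append(f"snatpool {name}: member {addr} is a self-IP "
                          "(The snatpool contains an invalid member.)")
    return errors


def select_snat(client_addr, net=INTERNAL_NET, pool="internal_snat_pool"):
    """Selective SNAT: a client inside `net` is translated to the pool's
    member; anyone else keeps its real source (the 'snat none' branch)."""
    if ipaddress.ip_address(client_addr) in net:
        return SNAT_POOLS[pool][0]
    return None


def translate_connections(clients):
    """Apply select_snat to constructed client addresses; returns
    {client: translated_source_or_None}."""
    return {c: select_snat(c) for c in clients}


if __name__ == "__main__":
    for err in validate_snatpool("internal_snat_pool"):
        print("load error:", err)
    print(translate_connections(["216.27.85.200", "216.27.85.224", "10.1.2.3"]))
```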