Forum Discussion

Nimbostratus

Nov 17, 2009

Simple IP & Port Forwarding irule

I'm moving some dumb port-forwarding function from a proxy server to the LTM, and want to write an irule to facilitate this. No authentication or anything fancy - just direct translation of dest IP :...

Cirrostratus

Nov 18, 2009

You're running 9.2?! You should upgrade when you have a chance as that is old and unsupported. 9.4.x or 10.x have a lot of stability and security enhancements over 9.2.

Here is an example iRule which can be used on a performance layer4 VIP to look up the client's destination IP:port against a string datagroup (or a TCL list in this example) and translate the destination IP and port using the findclass and node commands. Make sure (destination) address and port translation are enabled on the VIP. Make sure to use a string datagroup and disable/comment out the logging once you're done testing.

  
  when RULE_INIT {  
    
      Replace this test TCL list with a "string" type datagroup   
       and then delete the RULE_INIT event  
     set destination_translations_class [list \  
        "10.2.135.100:80 192.168.135.100:8080" \  
        "10.2.135.101:8080 192.168.135.101:8888" \  
     ]  
  }        
  when CLIENT_ACCEPTED {  
    
     log local0. "[IP::client_addr]:[TCP::client_port]: New TCP connection to [IP::local_addr]:[TCP::local_port]"  
    
      Look up the destination address:port in a datagroup  
     set dest [findclass [IP::local_addr]:[TCP::local_port] $::destination_translations_class " "]  
     log local0. "[IP::client_addr]:[TCP::client_port]: Matched \$dest: $dest"  
    
      Check if there was a match  
     if {$dest ne ""}{  
    
        log local0. "[IP::client_addr]:[TCP::client_port]: Using node [split $dest ":"]"  
         Set the destination IP and port using the node command  
        node [split $dest ":"]  
     }  
  }

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)