Forum Discussion
Kirk_Bauer_1018
Altostratus
Aug 14, 2007
SNAT command and ports
I don't have time at the moment to set up a full test environment for this so I'm hoping for a little help. I have verified that for UDP traffic using the command "snat " will preserve the original source port, but I have only tested that for one source IP. If source IP 10.1.1.10 sends a UDP packet with a source port of 1234 and is SNATed to 172.16.1.2, what happens when source IP 10.1.1.11 sends a UDP packet with a source port of 1234 and the "snat" command also applies to that? Will the port be changed?
If so, is there any way I can force the port to remain unchanged? Can I do:
snat 172.16.1.2 [UDP::client_port]
and the source port will never be changed?
3 Replies
- Deb_Allen_18
Historic F5 Account
The tuple of {sourceIP sourcePort destIP destPort} must be unique, so for traffic bound for the same pool member at least, the port would definitely be changed.
AFAIK SNAT uses the original source port unless it's already in use, otherwise (regardless of uniqueness on the pool member side of the tuple) chooses another port.
There's really no way to affect the default SNAT port selection behaviour.
HTH
/deb
- Kirk_Bauer_1018
Altostratus
I may need to think out-of-the-box on this one. I don't need BIG-IP to remember any state information at all... I just need to change the source IP. Can I just set that directly on the way through the BIG-IP without using "snat" and without affecting the source port? I looked at the IP::* commands but don't see anything obvious.
- hoolio
Cirrostratus
Could you try a fastl4 profile with loose init/close enabled so TMM doesn't add the connection to the connection table? I think you could then SNAT using the client port with less of a chance of having the source port in use already.
Aaron
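
The port-selection behaviour discussed in this thread, as an added example that is not part of the original posts and is not BIG-IP code. It is a toy Python model comparing two rules: translated ports only need a unique 4-tuple, versus a port counting as in use on the SNAT address regardless of destination. The class and function names, the destination addresses 192.0.2.10 and 192.0.2.20, and the "next higher free port" fallback order are assumptions made for illustration.

```python
from itertools import chain

class SnatModel:
    """Toy model of SNAT source-port selection (hypothetical, not BIG-IP code)."""

    def __init__(self, snat_ip, per_tuple):
        self.snat_ip = snat_ip
        self.per_tuple = per_tuple   # True: only the full server-side tuple must be unique
        self.by_client = {}          # client-side flow -> translated source port
        self.in_use = set()          # server-side keys already allocated

    def _key(self, port, dst):
        # What "already in use" means under each rule.
        return (port, dst) if self.per_tuple else (port,)

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow in self.by_client:   # an existing flow keeps its mapping
            return self.by_client[flow]
        dst = (dst_ip, dst_port)
        # Prefer the original source port; the fallback order (next higher
        # port, wrapping to 1024) is an assumption of this model.
        candidates = chain([src_port], range(src_port + 1, 65536), range(1024, src_port))
        for port in candidates:
            key = self._key(port, dst)
            if key not in self.in_use:
                self.in_use.add(key)
                self.by_client[flow] = port
                return port
        raise RuntimeError("no free source port on " + self.snat_ip)

def demo(per_tuple):
    """Translated ports for three constructed UDP flows, all using source port 1234."""
    snat = SnatModel("172.16.1.2", per_tuple)
    return [
        snat.translate("10.1.1.10", 1234, "192.0.2.10", 53),
        snat.translate("10.1.1.11", 1234, "192.0.2.10", 53),  # same destination
        snat.translate("10.1.1.11", 1234, "192.0.2.20", 53),  # different destination
    ]

if __name__ == "__main__":
    print("tuple uniqueness only:", demo(True))
    print("port-in-use rule:     ", demo(False))
```

Under either rule the second client loses port 1234 when it talks to the same destination; only the tuple-uniqueness rule lets it keep 1234 toward a different destination.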