F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Casa_Henry_1360's avatar
Casa_Henry_1360
Icon for Nimbostratus rankNimbostratus
Feb 26, 2009

Snat for mail servers

I am new to Irules and TCL. I have a need to create SNATs for my mail servers. What I am looking for is the syntax for parsing a field. So if I have a series of addresses defined as hosts   ...
application delivery
dev
devops
iRules
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Feb 27, 2009
Whether you use a simple iRule as mentioned in your original post to map the origin to the SNAT addr, or define 1-1 SNATs, the end result (src addr of the egress packet based on src addr of ingress packet) will be the same.

You might need the iRule to only SNAT under certain conditions, such as traffic bound for internal destinations only. In that case, you can condition the SNAT & use a class like the one you've created. The class would be type String, and an iRule to be applied to a wildcard forwarding VS would have the following logic: 
when CLIENT_ACCEPTED {  
 if {[IP::addr [IP::local_addr] equals 192.168.1.0/24] }{  
 set snat_addr [findclass [IP::remote_addr] $::hosts " "]  
 if {!($snat_addr eq "") }{  
 snat $snat_addr  
 }  
 }  
 }
The direction is outbound from the servers, so the server in this case is the client, and remote_addr is the server address. Because it's a wildcard virtual server, local_addr is the endpoint destination address. So in this comparison you would replace the 192.168 addr with the subnet your servers that should be SNAT'd is on.

If more than one dest subnet requires SNAT, or if you want to specify only certain addresses, you could do the comparison to more destinations by using another class with matchclass in the first condition.

HTH

/d