Forum Discussion
Casa_Henry_1360
Nimbostratus
Feb 26, 2009
Snat for mail servers
I am new to iRules and TCL. I have a need to create SNATs for my mail servers. What I am looking for is the syntax for parsing a field. So if I have a series of addresses defined as hosts
...
Deb_Allen_18
Feb 27, 2009
Historic F5 Account
Whether you use a simple iRule as mentioned in your original post to map the origin to the SNAT addr, or define 1-1 SNATs, the end result (src addr of the egress packet based on src addr of ingress packet) will be the same.
You might need the iRule to only SNAT under certain conditions, such as traffic bound for internal destinations only. In that case, you can condition the SNAT & use a class like the one you've created. The class would be type String, and an iRule to be applied to a wildcard forwarding VS would have the following logic:
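when CLIENT_ACCEPTED {
    # On a wildcard VS, local_addr is the destination; SNAT only for this subnet
    if { [IP::addr [IP::local_addr] equals 192.168.1.0/24] } {
        # Look up the originating server in the hosts class to get its SNAT address
        set snat_addr [findclass [IP::remote_addr] $::hosts " "]
        # Apply the SNAT only when a mapping was found
        if { !($snat_addr eq "") } {
            snat $snat_addr
        }
    }
}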
The direction is outbound from the servers, so the server in this case is the client, and remote_addr is the server address. Because it's a wildcard virtual server, local_addr is the endpoint destination address. So in this comparison you would replace the 192.168 addr with the subnet your servers that should be SNAT'd are on. If more than one dest subnet requires SNAT, or if you want to specify only certain addresses, you could do the comparison to more destinations by using another class with matchclass in the first condition.
HTH
/d
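The matchclass variant described at the end of the reply above, written out as an added example that is not part of the original post. It assumes a second, Address-type class named snat_dests (a hypothetical name) listing the destination hosts and subnets that require SNAT, alongside the String class hosts from the thread, and it logs connections that have no mapping so unexpected senders show up in the logs.

```tcl
# Added example, not from the original thread.
# Assumed data groups:
#   hosts      - String class from the thread, members "<server_addr> <snat_addr>"
#   snat_dests - hypothetical Address class of destinations that require SNAT
when CLIENT_ACCEPTED {
    # On a wildcard forwarding VS, local_addr is the packet's destination.
    # matchclass replaces the single hard-coded subnet comparison.
    if { [matchclass [IP::local_addr] equals $::snat_dests] } {
        # remote_addr is the originating (mail) server; map it to its SNAT address
        set snat_addr [findclass [IP::remote_addr] $::hosts " "]
        if { $snat_addr ne "" } {
            snat $snat_addr
        } else {
            # No mapping: traffic is forwarded with its original source address.
            # Log it so a server missing from the hosts class is noticed.
            log local0. "No SNAT mapping for [IP::remote_addr] to [IP::local_addr]"
        }
    }
}
```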