Forum Discussion

Casa_Henry_1360's avatar
Casa_Henry_1360
Icon for Nimbostratus rankNimbostratus
Feb 26, 2009

Snat for mail servers

I am new to Irules and TCL. I have a need to create SNATs for my mail servers. What I am looking for is the syntax for parsing a field. So if I have a series of addresses defined as hosts   ...
application delivery
dev
devops
iRules
Ian_Smith's avatar
Ian_Smith
Ret. Employee
Feb 27, 2009
It sounds like you need to get your mail servers to send mail from addresses that match your published MX records but maybe don't want them to use those IPs for other (perhapse internal) traffic.

If that is the case, you can use an irule to snat all the traffic from the server IP (the 10.10.x.x in the example) to a given IP (the 172.16.x.x in the example.

If you apply the rule to an existing IP forwarding virtual and you need to have snat automap for non-mail server traffic, make automap the default. 

 
 when CLIENT_ACCEPTED { 
     switch [ IP::client_addr ] { 
         10.10.1.1 { snat 172.16.1.1 } 
         10.10.1.2 { snat 172.16.1.2 } 
         default { snat automap } 
         } 
 }

If you just want to change the address of traffic from the mail servers destined to port 25 (i.e. outbound mail) then you can check the tcp port, then apply the snat only to the mail servers, and forward everything else (with or without a snat). 

 
  when CLIENT_ACCEPTED { 
 if [ [TCP::local_port] == 25 ] { 
 switch [ IP::client_addr ] { 
 10.10.1.1 { snat 172.16.1.1 } 
 10.10.1.2 { snat 172.16.1.2 } 
 default { forward } 
 } 
 } 
 else { forward } 
 }