F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Casa_Henry_1360's avatar
Casa_Henry_1360
Icon for Nimbostratus rankNimbostratus
Feb 26, 2009

Snat for mail servers

I am new to Irules and TCL. I have a need to create SNATs for my mail servers. What I am looking for is the syntax for parsing a field. So if I have a series of addresses defined as hosts   ...
application delivery
dev
devops
iRules
Casa_Henry_1360's avatar
Casa_Henry_1360
Icon for Nimbostratus rankNimbostratus
Mar 16, 2009
Again, I apologize for my naivete. Here is the situation. I have the need to have 2 separate networks, lets say 192.168.16 and 192.168.246. Because of PCI compliance these 2 networks cannot speak directly together but all requests need to go to the firewall then back to big ip. Simply creating 1 to 1 snats may cause big ip to respond to the request without it going to the firewall. However I still have the need for outgoing mail to have a natted external address The use of an iRule was the recommended course by F5 support.

 

 

To that end I created a virtual server 0.0.0.0:25 to which I would like to apply this iRule.

 

 

class dest_pairs {

 

"192.168.246.150 198.212.12.150"

 

"192.168.246.151 198.212.12.151"

 

 

}

 

when CLIENT_ACCEPTED {

 

set my_spool [findclass [IP::client_addr] $::dest_pairs " "]

 

if { $my_spool ne "" } {

 

log local0. "$my_spool"}{

 

snat $my_spool}

 

 

}

 

Based on the info being logged ($my_spool) i do see the external address, but when I check the firewall logs I see the internal address attempting to go out, which suggests that the snat is not being applied.

 

 

Again, any help would be appreciated