Forum Discussion
SNAT iRule based on client IP address
Yes, when new customers come in you'd have to update the rule. There isn't another way to get a 1:1 ratio between the SNAT addresses that I can think of. I wrote the rule with snatpools since that's what you asked for, but it might actually be easier and cleaner to use the snat command instead of the pools.
    when CLIENT_ACCEPTED {
        # Map each known client address to its own SNAT address
        if { [IP::addr [IP::client_addr] equals 10.0.0.1] } {
            snat 172.18.1.1
        } elseif { [IP::addr [IP::client_addr] equals 10.0.0.2] } {
            snat 172.18.1.2
        } elseif { [IP::addr [IP::client_addr] equals 10.0.0.3] } {
            snat 172.18.1.3
        }
    }
Another possibility could be to use key/value pairs in a data group list. You then create a data group list called, e.g., snatlist (or some other name) with key/value pairs of client-ip = snat-ip. This would minimize the iRule editing and focus on data group lists instead.
With the example above the list would be:
10.0.0.1 = 172.18.1.1
10.0.0.2 = 172.18.1.2
10.0.0.3 = 172.18.1.3
And the rule would look something like this (untested by me though):
    when CLIENT_ACCEPTED {
        # Check if there's an entry for the client ip in the snatlist data group list
        if { [class match [IP::remote_addr] equals snatlist] } {
            # If there is check the value for the ip in question
            snat [class lookup [IP::remote_addr] snatlist]
        } else {
            # Default action drop
            drop
        }
    }
Hope that's somewhat clear.
/Patrik
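
An added example, not part of the original post: a Python check that a `client-ip = snat-ip` list in the layout shown above really is 1:1 before it is loaded into the data group. The function name `check_snat_map` and the fourth sample entry (10.0.0.4, a deliberate duplicate) are constructed for illustration.

```python
import ipaddress

# Constructed sample in the "client-ip = snat-ip" layout used in the post,
# with one deliberate error (two clients sharing a SNAT address).
SAMPLE = """\
10.0.0.1 = 172.18.1.1
10.0.0.2 = 172.18.1.2
10.0.0.3 = 172.18.1.3
10.0.0.4 = 172.18.1.2
"""

def check_snat_map(text):
    """Return (mapping, errors) for a 'client-ip = snat-ip' list."""
    mapping, errors, used = {}, [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        left, sep, right = line.partition("=")
        if not sep:
            errors.append(f"line {n}: expected 'client-ip = snat-ip'")
            continue
        try:
            client = ipaddress.ip_address(left.strip())
            snat = ipaddress.ip_address(right.strip())
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
            continue
        if client in mapping:
            errors.append(f"line {n}: duplicate client {client}")
            continue
        if snat in used:
            # Sharing a SNAT address breaks the 1:1 client-to-SNAT ratio
            errors.append(f"line {n}: SNAT {snat} already assigned to {used[snat]}")
            continue
        mapping[client] = snat
        used[snat] = client
    return mapping, errors

if __name__ == "__main__":
    mapping, errors = check_snat_map(SAMPLE)
    for client, snat in mapping.items():
        print(f"{client} -> {snat}")
    for err in errors:
        print("ERROR", err)
```

Rejected lines are left out of the returned mapping, so only entries that passed every check would be carried into the data group.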