Forum Discussion
shawmcbigdis_84
Nimbostratus
Jul 23, 2009
SNAT iRule problem
I'm trying to get snat to work for only outbound internet connections, not for internal addresses. I am using the following rule;
when SERVER_CONNECTED {
Compare destina...
shawmcbigdis_84
Nimbostratus
Jul 23, 2009
Denny and Aaron,
I changed the rule based on your suggestions to look like this;
when CLIENT_ACCEPTED {
    # Compare destination address with the pre-defined
    # class of RFC1918 non-routable addresses
    # If not in that group, automap-SNAT the connection
    log local0. "in CLIENT_ACCEPTED with [IP::local_addr]"
    if {not [matchclass [IP::local_addr] equals ::private_net] } {
        snat automap
        log local0. "[IP::client_addr] client address"
        log local0. "[IP::server_addr] server address"
    }
}
This still isn't functioning properly. In the log I get the following results;
Rule outboundSNAT : in CLIENT_ACCEPTED with 74.125.19.147
Rule outboundSNAT : 172.18.16.34 client address
01220001:3: TCL error: outboundSNAT - Error: No serverside connection established (line 10) invoked from within "IP::server_addr"
I don't think that error is a problem, since it's just on the log line, but the fact remains that it is still not NAT'ing the connection. And yes, this is on a forwarding VIP. Perhaps I should explain our issue,
Basically we have the Big IP behind a firewall, the switch with all the internal VLANs connects both to the BigIP and directly to the firewall (for internal networking reasons). So when clients behind the BigIP (which all use the BigIP as their default gateway) try to go to the internet, the packet goes out just fine but when it comes back in the firewall grabs the packet and shoots it directly at the switch. Thus we need the BigIP to NAT those outbound internet connections only.
Thanks
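The TCL error in the log above is raised because IP::server_addr is evaluated in CLIENT_ACCEPTED, before any server-side connection exists. The following is an added diagnostic example, not the poster's rule or F5's code: it keeps the same SNAT decision but moves the server-side logging into SERVER_CONNECTED, where the source address actually used toward the server can be checked. It assumes the same forwarding virtual server and the private_net class referenced exactly as in the post; the variable names dst, src and snat_requested are hypothetical.

```tcl
# Added example (not from the original post).
# Assumes a forwarding virtual server and the private_net class,
# referenced the same way the post does.
when CLIENT_ACCEPTED {
    # Clientside IP::local_addr is the destination the client asked for,
    # as the "in CLIENT_ACCEPTED with 74.125.19.147" log line shows.
    set dst [IP::local_addr]
    if { not [matchclass $dst equals ::private_net] } {
        snat automap
        set snat_requested 1
    } else {
        set snat_requested 0
    }
    # Only clientside values are logged here; nothing in this event
    # touches the server side, so the "No serverside connection" error
    # cannot occur.
    log local0. "CLIENT_ACCEPTED: [IP::client_addr] -> $dst snat_requested=$snat_requested"
}

when SERVER_CONNECTED {
    # The server-side connection exists now. In this event IP::local_addr
    # is the source address BIG-IP used toward the server: the SNAT
    # address if translation was applied, otherwise the client's own IP.
    set src [IP::local_addr]
    log local0. "SERVER_CONNECTED: source $src -> [IP::server_addr] snat_requested=$snat_requested"
    if { $snat_requested && $src eq [IP::client_addr] } {
        # SNAT was requested but the packet still leaves with the client
        # address, so return traffic will bypass the BIG-IP.
        log local0. "WARNING: SNAT requested for $dst but source is still [IP::client_addr]"
    }
}
```

If the SERVER_CONNECTED line shows a self IP as the source for internet destinations, the translation is being applied and the return-path problem lies elsewhere.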
