anuj_2931
Aug 13, 2012Nimbostratus
SNAT irule question
Hi Guys,
On a Virtual server, which has apache servers as pool memebers, we have snat enabled on it. The servers are in 192.168.14.0/24 subnet. The other subnet in our network is192.168.10.0. The f5 ltm has floating IP's in for both subnets.
Now I want to remove SNAT because, we want to get client IP's which come over the internet to access our webservers.
Currently on our apache server, the default gateway is set as 192.168.14.1 (edge firewall).
This is my plan to make this happen. Please let me know if this looks good.
1. Remove SNAT on virtual server.
2. Add irule which does "snat automap" if the client is local 192.168.10.0/24 and 14.0/24. Otherwise just forward.
when CLIENT_ACCEPTED {
check if client_addr = any in the class
if { [matchclass [IP::client_addr] equals $::Hosts]} {
snat automap
} else {
don't do any source address translation
forward
}
}
3. Add default gateway as 14.236 (floating ip of LTM). Add static routes for 10.0/24 and 14.0/24
pointing to fiewall (14.1).
Do you think this will work.