Forum Discussion
NimbostratusSNAT iRule
I am trying to write a SNAT rule that will use a data group to map the client address to a specific SNAT in version 10.2.3. Due to the protocol, we need this functionality to allow traceability in our environment. The iRule never returns a value from the data group. I have tried many formats for the string group, but no luck in matching. Am I not formating the data group correctly or am I having trouble comparing the string to the address? I've tried many different ways to format the class match line as well.
class snat_map {
{
"\"10.100.61.150\" := { \"10.146.1.7\" }"
"\"10.100.61.150\" { \"10.146.1.3\" }"
"10.100.61.150 := { \"10.146.1.4\" }"
"10.100.61.150 { \"10.146.1.6\"}"
"10.100.61.150 { 10.146.1.5 }"
"10.100.61.150:=10.146.1.3"
}
}
rule snat_rule {
when CLIENT_ACCEPTED {
TCP::collect 8
set srcip [IP::client_addr]
log local0. "Entering iRule snat_rule $srcip"
set snat_address [class match -value "$srcip" equals snat_map]
log local0. "snat_address is $snat_address"
if { "$snat_address" ne "" } {
log local0. "Using address $snat_address"
snat $snat_address
}
Use default SNAT pool if not found
}
}
Feb 15 07:02:55 local/tmm1 info tmm1[2858]: Rule slp_snap_rule : Entering iRule slp_snat_rule 10.100.61.150
Feb 15 07:02:55 local/tmm1 info tmm1[2858]: Rule slp_snap_rule : snat_address is
8 Replies
- nitass
Employee
e.g.[root@ve10:Active] config b class snat_map list class snat_map { "10.100.61.150" { "10.146.1.7" } } [root@ve10:Active] config b rule myrule list rule myrule { when RULE_INIT { set srcip "10.100.61.150" log local0. "\[class match -value $srcip equals snat_map\] [class match -value $srcip equals snat_map]" } } [root@ve10:Active] config cat /var/log/ltm Feb 16 09:39:50 local/tmm info tmm[4909]: Rule myrule : [class match -value 10.100.61.150 equals snat_map] 10.146.1.7 
thebishop_10153I receive the following error when I use this format.
01070151:3: Rule [snat_rule] error: line 6: [wrong args] [class match - value $srcip equals snat_map]
If I put quotes around the srcip variable it will compile, but it won't match anything in the class.- What_Lies_Bene1
Cirrostratus
Is the log command all on one line? It should be. - thebishop_10153Yes, it is one line.
- What_Lies_Bene1OK, can you post your exact code?
- thebishop_10153Below if the latest.
when CLIENT_ACCEPTED {
TCP::collect 8
set snat_address [class match -value "[IP::client_addr]" equals snat_map]
log local0. "snat_address is $snat_address"
if { "$snat_address" ne "" } {
snat $snat_address
}
}
class snat_map {
"\"10.100.61.150\" { \"10.146.1.7\" }" - What_Lies_Bene1The rule code looks good to me. It saves OK on my v11.3 VE.
Did you miss the closing } for the Class configuration?
Interesting that the error references line 6, has the rule changed since you posted the error message? 
Luis_Araujo_560If I use the string in data group, the snat is executed in v11.x????
Tks
Luis
