F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

David_revilla_f's avatar
David_revilla_f
Icon for Nimbostratus rankNimbostratus
Nov 21, 2007

Snat or nat senteces

Hi everyone,

 

 

I am composing this irule

 

 

rule subscription {

 

when HTTP_REQUEST {

 

if { [[TCP::remote_port] == 20001]] or [[TCP::remote_port] == 30001]] or [[TCP::remote_port] == 20002]] or [[TCP::remote_port] == 30002]] } {

 

nat { 192.168.1.51 to 172.16.50.195 }

 

nat { 192.168.1.52 to 172.16.50.244 }

 

}

 

}

 

}

 

when HTTP_REPLY {

 

if { [[TCP::remote_port] == 20001]] or [[TCP::remote_port] == 30001]] or [[TCP::remote_port] == 20002]] or [[TCP::remote_port] == 30002]] } {

 

nat { 192.168.1.51 to 172.16.50.195 }

 

nat { 192.168.1.52 to 172.16.50.244 }

 

}

 

 

I do not know if nat sentence is correct or i have to use snat instead. In both cases, which is the correct format for this type of sentences?

 

 

Thank you very much in advance.

 

David

 

 

}

 

}

 

application delivery
dev
devops
iRules

2 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 21, 2007
    Hi David,

    There isn't an iRule command to dynamically create a NAT. If you want to apply a source address translation on the request sent to the destination server, you can use the SNAT command (Click here). If you want to only apply the SNAT for specific client IP addresses, you can evaluate them using the IP::addr command (Click here). Also, you don't need to do anything in the HTTP_RESPONSE event in order for TMM to reverse the translation for responses back to the client.

    If you're wanting to check the TCP port the client made the request to, you can use TCP::local_port in clientside events. A switch statement would be an efficient way to check this.

    Lastly, if you're only using IP and port information, you can use the CLIENT_ACCEPTED event instead of the HTTP_REQUEST event (Click here). 

    
when CLIENT_ACCEPTED {
   switch [TCP::local_port] {
   20001 -
   20002 -
   30001 -
   30002 {  request was to one of the listed TCP ports
          check the client IP address to see if we apply the source address translation
         if {[IP::addr [IP::client_addr] equals 192.168.1.51]}{
             apply source address translation
            snat 172.16.50.195
          check the client IP address to see if we apply the source address translation
         } elseif {[IP::addr [IP::client_addr] equals 192.168.1.52]}{
             apply source address translation
            snat 172.16.50.244
         }
      }
   }
}

    Aaron