F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

David_revilla_f's avatar
David_revilla_f
Icon for Nimbostratus rankNimbostratus
Nov 21, 2007

Snat or nat senteces

Hi everyone,     I am composing this irule     rule subscription {   when HTTP_REQUEST {   if { [[TCP::remote_port] == 20001]] or [[TCP::remote_port] == 30001]] or [[TCP::remote_port...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Nov 21, 2007
Hi David,

There isn't an iRule command to dynamically create a NAT. If you want to apply a source address translation on the request sent to the destination server, you can use the SNAT command (Click here). If you want to only apply the SNAT for specific client IP addresses, you can evaluate them using the IP::addr command (Click here). Also, you don't need to do anything in the HTTP_RESPONSE event in order for TMM to reverse the translation for responses back to the client.

If you're wanting to check the TCP port the client made the request to, you can use TCP::local_port in clientside events. A switch statement would be an efficient way to check this.

Lastly, if you're only using IP and port information, you can use the CLIENT_ACCEPTED event instead of the HTTP_REQUEST event (Click here). 


when CLIENT_ACCEPTED {
   switch [TCP::local_port] {
   20001 -
   20002 -
   30001 -
   30002 {  request was to one of the listed TCP ports
          check the client IP address to see if we apply the source address translation
         if {[IP::addr [IP::client_addr] equals 192.168.1.51]}{
             apply source address translation
            snat 172.16.50.195
          check the client IP address to see if we apply the source address translation
         } elseif {[IP::addr [IP::client_addr] equals 192.168.1.52]}{
             apply source address translation
            snat 172.16.50.244
         }
      }
   }
}

Aaron