Forum Discussion

Nimbostratus

Oct 16, 2015

SNAT outbound connections from pool members to virtual server IP for a specific outbound port

I have a virtual server for inbound ftp connections Virtual server: 1.1.1.1:21, using the standard FTP profile and source_addr persistence, 30 min timeout Pool Members: 10.0.0.10:21 10.0.0.11:...

application delivery

LTM

Andy_McGrath

Cumulonimbus

Oct 20, 2015

No 'Source' value is only the ip subnet only not the port, the following irule will monitor the client port (in this case the FTP server port) and uses 'switch' instead of lots of 'elseif' statements.

when CLIENT_ACCEPTED {
    if { [TCP::client_port] == 21] || [TCP::client_port] == 22] }{
    switch [IP::addr [IP::client_addr] mask 255.255.255.255]
            "10.0.0.10" { snat 172.18.1.1 } 
            "10.0.0.11" { snat 172.18.1.1 }
            "10.0.0.12" { snat 172.18.1.2 }
            "10.0.0.13" { snat 172.18.1.2 }
            "10.0.0.14" { snat 172.18.1.3 }
            "10.0.0.15" { snat 172.18.1.3 }
    }
}

Having said that is this for return traffic from FTP server to client?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)