Forum Discussion
SNAT outbound only for specific servers to specific destination
Hi, I am looking for a way to SNAT traffic going out from a specific set of servers behind F5 LTM (LTM is the gateway for the servers) to a particular destination on the internet. I can create a VS with the destination, with a SNAT and selecting the VLAN the servers are on, but that applies the SNAT to all the servers in the VLAN. But I want only the particular servers to be SNATed and not all in the VLAN. Any way this could be achieved?
5 Replies
- nitass
Employee
source setting is introduced in 11.3.0.
sol14800: Order of precedence for virtual server matching (11.3.0 and later)
http://support.f5.com/kb/en-us/solutions/public/14000/800/sol14800.html
If you are running a version prior to 11.3.0, you may use an iRule to check the client IP and take whatever action you want, e.g. snat, reject.
IP::client_addr
https://devcentral.f5.com/wiki/iRules.ip__client_addr.ashx
- Karthik_Kumaran
Nimbostratus
Thanks. I am running 11.2. What if I have only 3 servers in the VLAN that need to be SNATed? Is it possible to refer to only the 3 servers in an object/datagroup and call it in the iRule?
- JG
Cumulonimbus
Can't you set up a one-to-one SNAT mapping for each of the 3 servers?
- The_Bhattman
Nimbostratus
Hi Karthik, here is an example of where you can apply an iRule on a Forwarding Virtual Server.
The below assumes you have created a network address datagroup and SNAT pool.

```tcl
when CLIENT_ACCEPTED {
    # This iRule will SNAT all requests except for clients destined to a
    # network that doesn't need to be SNAT'd
    if { ![class match [IP::local_addr] equals dg-exclude-net] } {
        snatpool snat_client_outbound
    }
}
```

I hope this helps
-=Bhattman=-
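An added example, not part of any reply in this thread: one way to combine the data group idea from the question with the forwarding virtual server iRule above, so that only listed servers are translated and only toward a listed destination. The data group names `dg-snat-servers` and `dg-snat-dest` are hypothetical and would have to be created as address data groups; `snat_client_outbound` is the SNAT pool name used in the reply above.

```tcl
# Added example, not from the thread. Assumed objects (hypothetical names):
#   dg-snat-servers       address data group listing the servers to translate
#   dg-snat-dest          address data group listing the destination host/network
#   snat_client_outbound  SNAT pool, name reused from the reply above
# Attach to the forwarding virtual server enabled on the servers' VLAN.
when CLIENT_ACCEPTED {
    # On a forwarding virtual server the "client" is the server that opened
    # the outbound connection, and the local address is the destination it
    # asked for.
    set src [IP::client_addr]
    set dst [IP::local_addr]

    if { [class match $src equals dg-snat-servers] &&
         [class match $dst equals dg-snat-dest] } {
        # Listed server talking to the listed destination: translate, and
        # record the real source so the flow can still be attributed later,
        # since the far end will only ever see the SNAT pool address.
        # Per-connection logging adds load; drop it if the volume is high.
        log local0.info "outbound SNAT: $src -> $dst via snat_client_outbound"
        snatpool snat_client_outbound
    } else {
        # Any other server, or any other destination: leave the source
        # address untouched.
        snat none
    }
}
```

Both conditions must match before translation is applied, so adding a server to the VLAN does not silently widen the set of hosts that leave with the SNAT address.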
- Karthik_Kumaran
Nimbostratus
Thanks Bhattman. Let me try this one.