Forum Discussion

David_Noonan_67
Apr 26, 2011

SNAT selected source addresses on a VS

We have a VS that does NOT include SNAT. Our issue is that some of the backend servers also need to use the VS, and as they're on the same subnet as the VS pool servers, that doesn't work without SNAT.



I found the example below under the snat command at DevCentral and just want to confirm that it does what I think it does.



I believe this will SNAT any traffic to the virtual server from so that the servers will see as the source. Yes?





if { [IP::addr [IP::local_addr] equals] }{










In particular, we want to confirm that the iRule will not do anything to outbound traffic (responses to clients hitting the VS).





2 Replies

  • I think that you will need to change from [IP::local_addr] to [IP::remote_addr]

    IP::local_addr - When called in a clientside context, this command returns the IP address of the virtual server the client is connected to.

    IP::remote_addr - Returns the IP address of the host on the far end of the connection.

    Other methods are shown here:

    We created an iRule that does the same / similar behavior but used Data Groups to contain all of the BigIP Networks. That way the iRule could be used on any Virtual Server. You could do something similar and specify a SNAT Pool.

    # SNAT only connections whose client address is in the mynetwork data group
    if { [class match [IP::remote_addr] equals mynetwork] } {
        snat automap
    }
  • I was originally looking at this post which uses IP::client_addr and didn't notice that the example on the snat page was different.



    The docs for local_addr, client_addr and remote_addr all make reference to "the client's IP address", which is very confusing. Fortunately the docs for IP::*_addr are much more clear.



    Looking at that link you sent, the example for NATing when the client and server are on the same /24 is exactly what I'm trying to do, so I think that's the one I'll go with.



    Thanks very much for the fast response.



    Of all the support avenues I use I think Dev Central is consistently the best at providing prompt, informative solutions.
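The same-subnet problem discussed in this thread, as a small Python model added here for illustration (not code from the posters or from F5, and not an iRule). All addresses are constructed, and the model assumes the pool members send off-subnet replies back through the BIG-IP.

```python
import ipaddress

# Constructed addresses for illustration; none come from the thread.
VIP = ipaddress.ip_address("10.1.1.100")         # virtual server address
SELF_IP = ipaddress.ip_address("10.1.1.5")       # BIG-IP address used as the SNAT source
POOL_NET = ipaddress.ip_network("10.1.1.0/24")   # subnet shared by the pool members
POOL_MEMBER = ipaddress.ip_address("10.1.1.21")  # pool member chosen for the connection


def needs_snat(client):
    """Selective test: match on the client (remote) address, not the VS address."""
    return ipaddress.ip_address(client) in POOL_NET


def connection(client, selective_snat):
    """Trace one connection to the VIP and report whether the client gets a usable reply."""
    client = ipaddress.ip_address(client)
    snat = selective_snat and needs_snat(client)
    # Source address the pool member sees on the server-side connection.
    seen_src = SELF_IP if snat else client
    # The pool member replies to seen_src. A same-subnet address other than the
    # BIG-IP is answered directly on the wire, so the reply bypasses the BIG-IP.
    via_bigip = seen_src == SELF_IP or seen_src not in POOL_NET
    # Only a reply that passes back through the BIG-IP is rewritten to come from the VIP.
    reply_src = VIP if via_bigip else POOL_MEMBER
    return {
        "snat": snat,
        "server_sees": str(seen_src),
        "reply_from": str(reply_src),
        # The client opened its connection to the VIP, so it only accepts replies from the VIP.
        "works": reply_src == VIP,
    }


if __name__ == "__main__":
    for client, rule in [("10.1.1.30", False), ("10.1.1.30", True), ("203.0.113.9", True)]:
        print(client, "selective SNAT" if rule else "no SNAT", connection(client, rule))
```

In this model the off-subnet client is never translated, so the pool member still sees its real address and the reply path is the same as without the rule.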