Forum Discussion

Cirrostratus

Oct 28, 2009

SNAT to designated Pool Members without iRule

I know this is asking a lot... Consider a pool with two pool members. One member is in a LTM VLAN, and another is not. If I envision this correctly in my head, forwarding will fail to t...

config

design

hoolio

Cirrostratus

Oct 28, 2009

Hi Scott,

I think you'll need an iRule as the SNAT configuration you can add to a virtual server doesn't allow you to enable SNAT based on destination IP addresses/subnets.

A selective SNAT iRule should be relatively low overhead and provide the functionality you're needing without having to explicitly define which pool members need SNAT and which ones don't:

http://devcentral.f5.com/wiki/default.aspx/iRules/SelectiveSNAT.html

You could try adapting this to check if the LB::server addr is not in the same subnet as the self IP address that will be used to SNAT the request. You'd probably need to hardcode this subnet in the iRule.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)