For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Fabou_139732's avatar
Fabou_139732
Icon for Nimbostratus rankNimbostratus
Mar 19, 2014

SNAT to multiple addresses and ports

Hi Guys,   I have to create SNAT rule to allow some host to access external system, so they are hidden behind nated address.   I am planning to use virtual servers (Forwarding IP) for this, and...
application delivery
deployment
design
LTM
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Mar 21, 2014

you could do this with a simple iRule

when CLIENT_ACCEPTED {
  switch [TCP::local_port] {
    "80" -
    "8080" -
    "443" {
            if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] &&
                 ([IP::addr [IP::local_addr] equals 172.16.31.5] ||
                  [IP::addr [IP::local_addr] equals 172.16.30.5]) } {
                  snat x.x.x.x
            }
          }
  }
}

as you add more, it would make sense to move the data to a data group and use the class command to extract it. You might format like:

client_addr := snat_ip,dest_ip1,dest_ip2

so when you extract it based on client address, you can then get to each of the fields you need with the getfield command.