Forum Discussion
Abed_AL-R
Cirrostratus
Jan 23, 2019
Source NAT based on XFF header
Hello all
I'm trying to implement an iRule that does source NAT based on the XFF header received from our proxy server behind the F5 LTM.
This iRule should serve more than 50 subnets, each subnet ...
Abed_AL-R
Cirrostratus
Jan 23, 2019
I'm trying to configure this iRule:
```tcl
when HTTP_REQUEST {
    if { [class match [HTTP::header values "X-Forwarded-For"] equals XFF_SourceNAT] } {
        log local0.alert "Matched XFF [HTTP::header values "X-Forwarded-For"] to group"
        set category [class match -value [HTTP::header values "X-Forwarded-For"] equals XFF_SourceNAT]
        log local0.alert "Setting category to $category"
        # NAT traffic according to xforwarded-for header
        snatpool $category
    } else {
        log local0. "No X-Forwarded-For header found."
        # either for websense updates or traffic is not hitting the xff datagroup
        if { [IP::addr [IP::client_addr] equals 192.168.182.0/16] } {
            pool FW-Pool
        } else {
            drop
        }
    }
}
```
And in the data group XFF_SourceNAT (address type) I configured:
172.28.0.0/16:= 2.2.2.2
But in /var/log/ltm I see the following error:
```
Jan 23 21:22:49 slot2/f5 err tmm5[9013]: 01220001:3: TCL error: /partition1/SNAT-XFF-irule - bad IP network address format (line 1)invalid IP match item for IP class /ORT/XFF_SourceNAT (line 1) invoked from within "class match [HTTP::header values "X-Forwarded-For"] equals XFF_SourceNAT"
```
What can be done to fix the issue?
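One way to guard the lookup, as an added example that is not part of the original post: the `class match` above is handed whatever `HTTP::header values` returns, which is a Tcl list that can be empty or hold a multi-address chain, so this sketch extracts one candidate address and validates it before it reaches the address-type data group. It assumes the trusted proxy appends the real client as the last X-Forwarded-For entry and that clients are IPv4; the data group, pool and subnet names are the ones from the post.

```tcl
# Added example, not the poster's code.
when HTTP_REQUEST {
    # Empty means "no usable XFF mapping"; the fallback below then applies.
    set snat_target ""

    if { [HTTP::header exists "X-Forwarded-For"] } {
        # HTTP::header values returns one list element per header line, and
        # each line may carry a comma-separated chain. Flatten, then split.
        set chain [split [join [HTTP::header values "X-Forwarded-For"] ","] ","]

        # Assumption: the last entry is the one written by our own proxy.
        # Earlier entries are client-supplied and must not drive NAT policy.
        set candidate [string trim [lindex $chain end]]

        # IP::addr raises a TCL error on anything that is not an address.
        # Catching it here keeps a malformed header from aborting the
        # connection inside class match.
        if { $candidate ne "" && ![catch { IP::addr $candidate mask 255.255.255.255 }] } {
            if { [class match $candidate equals XFF_SourceNAT] } {
                set snat_target [class match -value $candidate equals XFF_SourceNAT]
            }
        } else {
            # Log the peer, not the raw header, to keep untrusted text out of the log.
            log local0.warning "Unusable X-Forwarded-For from [IP::client_addr]"
        }
    }

    if { $snat_target ne "" } {
        # Value taken from the data group record, used as in the post.
        snatpool $snat_target
    } elseif { [IP::addr [IP::client_addr] equals 192.168.182.0/16] } {
        pool FW-Pool
    } else {
        drop
    }
}
```

Because the data group value is passed to `snatpool`, each record has to resolve to the name of an existing SNAT pool.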