For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jdscrymgeour_42's avatar
jdscrymgeour_42
Icon for Nimbostratus rankNimbostratus
Nov 22, 2011

source port translation/ port pool

I need to either restrict the source ports used when snatting to specific ports per rule or set up a pool for a specific SNAT, I cannot see if this is possible to do if anyone can help?     Than...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Nov 22, 2011
is it something like this? or do i misunderstand what you are asking? 

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
        if {[IP::addr [IP::client_addr] equals 172.28.19.251/32]}{
                snat 200.200.200.222 2222
        }
}
}
[root@ve1023:Active] config  b snat translation list
snat translation 200.200.200.222 {}

[root@ve1023:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
17:33:08.241129 IP 172.28.19.251.36749 > 172.28.19.79.80: S 87059803:87059803(0) win 5840 
17:33:08.241177 IP 172.28.19.79.80 > 172.28.19.251.36749: S 3835525115:3835525115(0) ack 87059804 win 4380 
17:33:08.241895 IP 172.28.19.251.36749 > 172.28.19.79.80: . ack 1 win 46 
17:33:08.241971 IP 200.200.200.222.2222 > 200.200.200.101.80: S 3823560177:3823560177(0) win 4380 
17:33:08.241977 IP 172.28.19.251.36749 > 172.28.19.79.80: P 1:156(155) ack 1 win 46 
17:33:08.243959 IP 200.200.200.101.80 > 200.200.200.222.2222: S 2304621412:2304621412(0) ack 3823560178 win 5792 
17:33:08.243972 IP 200.200.200.222.2222 > 200.200.200.101.80: . ack 1 win 4380 
17:33:08.243985 IP 200.200.200.222.2222 > 200.200.200.101.80: P 1:156(155) ack 1 win 4380 
17:33:08.244979 IP 200.200.200.101.80 > 200.200.200.222.2222: . ack 156 win 54 
17:33:08.246933 IP 200.200.200.101.80 > 200.200.200.222.2222: P 1:263(262) ack 156 win 54 
17:33:08.246944 IP 172.28.19.79.80 > 172.28.19.251.36749: P 1:263(262) ack 156 win 4535 
17:33:08.246948 IP 200.200.200.101.80 > 200.200.200.222.2222: F 263:263(0) ack 156 win 54 
17:33:08.246954 IP 200.200.200.222.2222 > 200.200.200.101.80: . ack 264 win 4642 
17:33:08.246958 IP 172.28.19.79.80 > 172.28.19.251.36749: F 263:263(0) ack 156 win 4535 
17:33:08.247870 IP 172.28.19.251.36749 > 172.28.19.79.80: . ack 263 win 54 
17:33:08.248824 IP 172.28.19.251.36749 > 172.28.19.79.80: F 156:156(0) ack 264 win 54 
17:33:08.248842 IP 172.28.19.79.80 > 172.28.19.251.36749: . ack 157 win 4535 
17:33:08.248847 IP 200.200.200.222.2222 > 200.200.200.101.80: F 156:156(0) ack 264 win 4642 
17:33:08.249822 IP 200.200.200.101.80 > 200.200.200.222.2222: . ack 157 win 54