
Forum Discussion

Egbert_Bryant_1
Oct 04, 2006

TCP Port Redirect

I am trying to write the following rule and I am getting errors on lines 1, 6, and 10. Please let me know what I am doing wrong.

 

 

class ports {
    80
    443
}

when CLIENT_ACCEPTED {
    if { [matchclass [TCP::client_port ] equals $ports ]}
        node 167.206.169.130
    } else {discard}
}

6 Replies

  • Nathan_Pearce_4
    Historic F5 Account
    Regarding formatting, try:

    when CLIENT_ACCEPTED {
        if {[matchclass [TCP::client_port ] equals $ports ]}{
            node 167.206.169.130
        } else {
            discard
        }
    }

    Must catch bus.... will take another look tomorrow!

     

  • Nathan_Pearce_4
    Historic F5 Account
    To create a class to match against, in the BIG-IP web interface, navigate to "Local Traffic -> Virtual Servers -> iRules" and then click on the "Data Group List" tab.

    From here, click, enter a name, and add some integers to match your TCP ports.

    Hope this helps.
  • Deb_Allen_18
    Historic F5 Account
    You'll also need to use global variable syntax to reference a class, as classes are global constructs:
    when CLIENT_ACCEPTED {
      if {[matchclass [TCP::client_port ] equals $::ports]}{
        node 167.206.169.130
      } else {
        discard
      }
    }

    /deb
  • Deb_Allen_18
    Historic F5 Account
    (and I think what Nato is getting at is that the class is not part of the rule itself, but instead must be created elsewhere and referenced by the iRule)

    /deb
  • Deb_Allen_18
    Historic F5 Account
    There was also a missing curly brace in my rule revision above -- I've edited to correct that.
  • Thanks; however, it looks like the rule is not working. I have the rule applied to a virtual server with the following setup, and I see that there's too much traffic. I am trying to control traffic from my inside clients trying to access the internet. I would like to redirect specific ports to the ISP with the most bandwidth.

    network 0.0.0.0/0.0.0.0

    and all ports
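Pulling the thread together, here is an added example (editor's code, not the original poster's rule or anything from F5) of the v9-era form Nathan and Deb describe: the data group lives outside the rule and is referenced as the global `$::ports`, and the iRule is applied to the wildcard 0.0.0.0:0 "all ports" virtual from the last post. One thing worth checking against the "rule is not working" report: `[TCP::client_port]` is the client's *source* port, an ephemeral number the client chooses, so it will essentially never equal 80 or 443 and, for an allow/discard decision, it is attacker-controlled (a client can simply bind source port 80). The port the client connected *to* is `[TCP::local_port]`, so this example compares that instead. The data group name `ports`, the node address 167.206.169.130 (taken from the thread), and the logging lines are assumptions for illustration.

```tcl
# Added example, not code from the original post or from F5.
#
# Assumed setup (not created by this rule):
#   - An integer data group named "ports" containing 80 and 443, created under
#     Local Traffic -> Virtual Servers -> iRules -> Data Group List. In a v9
#     bigip.conf it is stored outside the rule as:
#         class ports {
#             80
#             443
#         }
#   - This iRule is assigned to a wildcard virtual server (0.0.0.0:0, all ports).
#   - 167.206.169.130 is the node on the ISP with the most bandwidth (address
#     taken from the thread; adjust for your network).

when CLIENT_ACCEPTED {
    # [TCP::local_port] is the destination port the client connected to.
    # [TCP::client_port] would be the client's own source port, which the
    # client picks and which should never drive an allow/discard decision.
    set dport [TCP::local_port]

    if { [matchclass $dport equals $::ports] } {
        # Destination port is in the data group: send to the preferred node.
        # The port is passed explicitly so the original destination port is
        # preserved regardless of the virtual server's translation setting.
        log local0. "[IP::client_addr]:[TCP::client_port] -> port $dport matched class, node 167.206.169.130"
        node 167.206.169.130 $dport
    } else {
        # Anything else is dropped silently. Use "reject" instead of "discard"
        # if you want the client to receive a TCP RST rather than a timeout.
        log local0. "[IP::client_addr]:[TCP::client_port] -> port $dport not in class, discarding"
        discard
    }
}
```

Two practical notes. First, the `log local0.` lines write to /var/log/ltm, which is the quickest way to confirm whether the rule is seeing the port you expect before you trust it with production traffic; remove them once verified, since logging every connection on a wildcard virtual is itself a load. Second, because the `else` branch discards everything not listed, a wildcard virtual with this rule becomes a default-deny for outbound traffic, so make sure every port clients legitimately need is in the data group before assigning it.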