Hi Community, i want to ask you if is it possible to replace the destination IP of the UDP Payload i think that it might be like this : scan [IP::local_addr] "%d.%d.%d.%d" a b c d set ww [IP::local_addr] "1.1.$c.$d" set xx [binary format c4 $ww] UDP::payload replace 0 0 $xx

Hi MDPF5, Can you explain what kind of behavior are you looking to do with the replacing the IP address in a payload. This might help us further understand how we can help you. -=Bhattman=-

i want to implement a NAT-like feature that translates the destination IP address based on a data group containing networks can you give some example?

Yes of course, So, we have a data group called NATNET that includes networks: 10.12.0.0/24 10.12.1.0/24 10.12.2.0/24 10.12.44.0/24 10.12.60.0/24 Example Scenario: There is an incoming packet to our forwarding virtual server with Source IP : X.X.X.X and Destination IP : 10.20.30.12 When the packet have the destination ip that matches in the networks contained in the data group NATNET ( i can check it by using an IF condition with a scan fuction and compare it) But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule like this: scan [IP::local_addr] "%d.%d.%d.%d" a b c d now i want to translate the Destination IP in --> 192.12.$c.$d i Hope i was clear enough to understand Thanks in advance for all your support

UDP Payload replace destination IP with iRules

The_Bhattman
Nimbostratus
Jul 05, 2014
Hi MDPF5,

Can you explain what kind of behavior are you looking to do with the replacing the IP address in a payload. This might help us further understand how we can help you.

-=Bhattman=-
nitass_89166
Noctilucent
Jul 07, 2014
i want to implement a NAT-like feature that translates the destination IP address based on a data group containing networks

can you give some example?
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Yes of course, So, we have a data group called NATNET that includes networks: 10.12.0.0/24 10.12.1.0/24 10.12.2.0/24 10.12.44.0/24 10.12.60.0/24 Example Scenario: There is an incoming packet to our forwarding virtual server with Source IP : X.X.X.X and Destination IP : 10.20.30.12 When the packet have the destination ip that matches in the networks contained in the data group NATNET ( i can check it by using an IF condition with a scan fuction and compare it) But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule like this: scan [IP::local_addr] "%d.%d.%d.%d" a b c d now i want to translate the Destination IP in --> 192.12.$c.$d i Hope i was clear enough to understand Thanks in advance for all your support
nitass
Employee
Jul 07, 2014
i want to implement a NAT-like feature that translates the destination IP address based on a data group containing networks

can you give some example?
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Yes of course, So, we have a data group called NATNET that includes networks: 10.12.0.0/24 10.12.1.0/24 10.12.2.0/24 10.12.44.0/24 10.12.60.0/24 Example Scenario: There is an incoming packet to our forwarding virtual server with Source IP : X.X.X.X and Destination IP : 10.20.30.12 When the packet have the destination ip that matches in the networks contained in the data group NATNET ( i can check it by using an IF condition with a scan fuction and compare it) But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule like this: scan [IP::local_addr] "%d.%d.%d.%d" a b c d now i want to translate the Destination IP in --> 192.12.$c.$d i Hope i was clear enough to understand Thanks in advance for all your support
nitass
Employee
Jul 07, 2014
But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule

have you tried "node" command? you may have to enable translate address if it is not enabled under virtual server configuration.

node

https://devcentral.f5.com/wiki/iRules.node.ashx

translate

https://devcentral.f5.com/wiki/iRules.translate.ashx
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Thank you for your answer, i've tried the node command but it didn't give me any output ( not functioning) I've checked my Forwaring virtual server and it didn't have the address translate option but if i create a new virtual server i can see the option so, under the forwarding virtual server I'm not be able to use the translation commands? Thanks for support
- nitass
  Employee
  Jul 07, 2014
  can you change to performance layer 4 or standard virtual server? you do not need to assign pool. without pool, packet will be forwarded based on routing.
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Yes i can change it, but the command node and the command translate don't provide me the Destination IP Address translation that i want to implement So, there are other solutions to create a Destination IP translation? Thank You
nitass_89166
Noctilucent
Jul 07, 2014
But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule

have you tried "node" command? you may have to enable translate address if it is not enabled under virtual server configuration.

node

https://devcentral.f5.com/wiki/iRules.node.ashx

translate

https://devcentral.f5.com/wiki/iRules.translate.ashx
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Thank you for your answer, i've tried the node command but it didn't give me any output ( not functioning) I've checked my Forwaring virtual server and it didn't have the address translate option but if i create a new virtual server i can see the option so, under the forwarding virtual server I'm not be able to use the translation commands? Thanks for support
- nitass_89166
  Noctilucent
  Jul 07, 2014
  can you change to performance layer 4 or standard virtual server? you do not need to assign pool. without pool, packet will be forwarded based on routing.
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Yes i can change it, but the command node and the command translate don't provide me the Destination IP Address translation that i want to implement So, there are other solutions to create a Destination IP translation? Thank You

nitass

Employee

Jul 07, 2014

but the command node and the command translate don't provide me the Destination IP Address translation that i want to implement

this is mine.

 config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual udpfwd
ltm virtual udpfwd {
    destination any:0
    ip-protocol udp
    mask any
    profiles {
        fastL4 { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vs-index 54
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
  translate address enable
  node 1.1.1.1
}
}

 trace

[root@ve11a:Active:In Sync] config  tcpdump -nni 0.0 -s0 udp port 1234
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:19:44.971945 IP 200.200.200.101.32846 > 100.100.100.1.1234: UDP, length 5 in slot1/tmm0 lis=
08:19:44.972019 IP 200.200.200.101.32846 > 1.1.1.1.1234: UDP, length 5 out slot1/tmm0 lis=/Common/udpfwd

Forum Discussion

UDP Payload replace destination IP with iRules

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

SSL::payload replace - silent failure?

Replacing packet payload contents

Destination address at F5

ADFS Proxy Replacement on F5 BIG-IP

string first replacement procedure for ID999881

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS