Forum Discussion
AltostratusUDP Payload replace destination IP with iRules
Hi Community,
i want to ask you if is it possible to replace the destination IP of the UDP Payload
i think that it might be like this :
scan [IP::local_addr] "%d.%d.%d.%d" a b c d
set ww [IP::local_addr] "1.1.$c.$d" set xx [binary format c4 $ww] UDP::payload replace 0 0 $xx 14 Replies
- The_Bhattman
Nimbostratus
Hi MDPF5,
Can you explain what kind of behavior are you looking to do with the replacing the IP address in a payload. This might help us further understand how we can help you.
-=Bhattman=-
nitass_89166Noctilucent
i want to implement a NAT-like feature that translates the destination IP address based on a data group containing networks
can you give some example?
MDPF5_152674Yes of course, So, we have a data group called NATNET that includes networks: 10.12.0.0/24 10.12.1.0/24 10.12.2.0/24 10.12.44.0/24 10.12.60.0/24 Example Scenario: There is an incoming packet to our forwarding virtual server with Source IP : X.X.X.X and Destination IP : 10.20.30.12 When the packet have the destination ip that matches in the networks contained in the data group NATNET ( i can check it by using an IF condition with a scan fuction and compare it) But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule like this: scan [IP::local_addr] "%d.%d.%d.%d" a b c d now i want to translate the Destination IP in --> 192.12.$c.$d i Hope i was clear enough to understand Thanks in advance for all your support
- nitass
Employee
i want to implement a NAT-like feature that translates the destination IP address based on a data group containing networks
can you give some example?
- MDPF5_152674Yes of course, So, we have a data group called NATNET that includes networks: 10.12.0.0/24 10.12.1.0/24 10.12.2.0/24 10.12.44.0/24 10.12.60.0/24 Example Scenario: There is an incoming packet to our forwarding virtual server with Source IP : X.X.X.X and Destination IP : 10.20.30.12 When the packet have the destination ip that matches in the networks contained in the data group NATNET ( i can check it by using an IF condition with a scan fuction and compare it) But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule like this: scan [IP::local_addr] "%d.%d.%d.%d" a b c d now i want to translate the Destination IP in --> 192.12.$c.$d i Hope i was clear enough to understand Thanks in advance for all your support
- nitass
But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule
have you tried "node" command? you may have to enable translate address if it is not enabled under virtual server configuration.
node
https://devcentral.f5.com/wiki/iRules.node.ashxtranslate
https://devcentral.f5.com/wiki/iRules.translate.ashx- MDPF5_152674Thank you for your answer, i've tried the node command but it didn't give me any output ( not functioning) I've checked my Forwaring virtual server and it didn't have the address translate option but if i create a new virtual server i can see the option so, under the forwarding virtual server I'm not be able to use the translation commands? Thanks for support
- nitasscan you change to performance layer 4 or standard virtual server? you do not need to assign pool. without pool, packet will be forwarded based on routing.
- MDPF5_152674Yes i can change it, but the command node and the command translate don't provide me the Destination IP Address translation that i want to implement So, there are other solutions to create a Destination IP translation? Thank You
- nitass_89166
But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule
have you tried "node" command? you may have to enable translate address if it is not enabled under virtual server configuration.
node
https://devcentral.f5.com/wiki/iRules.node.ashxtranslate
https://devcentral.f5.com/wiki/iRules.translate.ashx- MDPF5_152674Thank you for your answer, i've tried the node command but it didn't give me any output ( not functioning) I've checked my Forwaring virtual server and it didn't have the address translate option but if i create a new virtual server i can see the option so, under the forwarding virtual server I'm not be able to use the translation commands? Thanks for support
- nitass_89166can you change to performance layer 4 or standard virtual server? you do not need to assign pool. without pool, packet will be forwarded based on routing.
- MDPF5_152674Yes i can change it, but the command node and the command translate don't provide me the Destination IP Address translation that i want to implement So, there are other solutions to create a Destination IP translation? Thank You
- nitass
but the command node and the command translate don't provide me the Destination IP Address translation that i want to implement
this is mine.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual udpfwd ltm virtual udpfwd { destination any:0 ip-protocol udp mask any profiles { fastL4 { } } rules { qux } source 0.0.0.0/0 translate-address disabled translate-port disabled vs-index 54 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when CLIENT_ACCEPTED { translate address enable node 1.1.1.1 } } trace [root@ve11a:Active:In Sync] config tcpdump -nni 0.0 -s0 udp port 1234 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes 08:19:44.971945 IP 200.200.200.101.32846 > 100.100.100.1.1234: UDP, length 5 in slot1/tmm0 lis= 08:19:44.972019 IP 200.200.200.101.32846 > 1.1.1.1.1234: UDP, length 5 out slot1/tmm0 lis=/Common/udpfwd
