Forum Discussion
yammy1688_99834
Nimbostratus
Nimbostratususe gateway based on source address
Hey Gang,
I've been working with f5 support trying to get this working while now but can't seem to get it going for some reason. Essentially, I need traffic sourced from a node to be sent out a particular gateway, in this case, 10.64.20.2 (firewall interface).
I set up a 0.0.0.0/0.0.0.0 IP forwarding VS coupled with this irule
when CLIENT_ACCEPTED {
if {[[IP::client_addr] equals "10.64.40.0/24"] } {
node 10.64.40.2
}
}
The LTM floating IP (10.64.40.1) is set as the default gateway of the node, and node IP is 10.64.40.80.
Doesn't want to work for some reason.
I tried copying the config from this thread: http://devcentral.f5.com/Community/...fault.aspx
Looks pretty straightforward, but I must be doing something wrong. Would appreciate if others had any thoughts/ideas.
Thanks,
-Ken
hooleylistCirrostratus
Hi Ken,
It's missing "IP::addr" to actually do the comparison:when CLIENT_ACCEPTED { if {[IP::addr [IP::client_addr] equals "10.64.40.0/24"] } { node 10.64.40.2 } }
Aaron
yammy1688_99834hoolio, you should be coolio cause you're that awesome har har.Worked right off the bat!
Thanks!
- yammy1688_99834Posted By hoolio on 03/28/2011 08:11 PM Hi Ken,
It's missing "IP::addr" to actually do the comparison:when CLIENT_ACCEPTED { if {[IP::addr [IP::client_addr] equals "10.64.40.0/24"] } { node 10.64.40.2 } }
Aaron
Would it be possible to use a class containing a subnet/gateway pair for this rule? I can't quite figure out how to get a pair of variables to go together. 
HamishCirrocumulus
Yep. Use an address class.
I have some code around here somewhere. I'll grab it and post...
H
Michael_YatesSure. Try this:when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals mynetworks] } { pool matching.pool.name or node 10.10.10.10 } else { pool nonmatching.pool.name or node 20.20.20.20 } }- yammy1688_99834Posted By Michael Yates on 03/29/2011 01:16 PM Sure. Try this:
when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals mynetworks] } { pool matching.pool.name or node 10.10.10.10 } else { pool nonmatching.pool.name or node 20.20.20.20 } }
Hi Michael,Looks like the source host is set to use a class variable, but the gateway(node) is still statically set? Is there a way to keep a sourceip/gateway pair matched?
- Hamish
Apologies... This is from memory...catch { pool [class match -value [IP::client_addr] eq mynetworks]
Where the class is now in key/value format... - HamishOh... And the class is of Address type. So you specify IP/Mask for the key and a string for the value
- yammy1688_99834I started a thread in the iRULES forum seeing as how my original problem is fixed and it would be more relevant there.
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1178482/showtab/groupforums/Default.aspx
FYI.
Thanks,
-Ken