gdoyle
Aug 15, 2017

Use iRule to SNAT based on Destination IP address without using a SNAT Pool.

I've seen an answer for a similar question on here, but the solution was to use a SNAT pool. Here's my situation:

 

  • ServerA that needs to reach out to an external IP address.
  • ServerA is in a SNAT pool already with two other servers.
  • The other two servers cannot have access to this external IP address.
  • ServerA cannot be added to a second SNAT pool.

So what I was hoping to do was to be able to write an iRule (or preferably apply a Local Traffic Policy) that would SNAT traffic from ServerA to a specific IP address when it is going to this particular external IP address.

 

Any suggestions?

 

Thanks.

 

  • Hi

    I don't quite understand the question.

    A SNAT pool is a group of IP addresses that could be used as source IPs on the F5 ... Do you mean that ServerA has the SAME IP address as one that is in the SNAT pool?

    Do you need to conditionally SNAT traffic coming from Server A, in the event that it is destined for a specific external IP?

    If so:

    //

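    when RULE_INIT {
        # static:: variables stay readable from other events; plain locals set here do not
        set static::ServerA 192.168.1.1
        set static::DestinA 10.0.0.1
    }
    
    when CLIENT_ACCEPTED {
        # Client side: IP::local_addr is the destination address, IP::remote_addr is the client itself
        if { [IP::client_addr] equals $static::ServerA && [IP::local_addr] equals $static::DestinA } {
            snat $static::ServerA
        }
    }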
    

    //Jan
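
The following iRule is an added example, not part of the original posts: it translates ServerA to a dedicated source address only for the one external destination and leaves every other connection on the virtual server's configured SNAT pool, logging each match for audit. All three addresses are hypothetical placeholders from documentation ranges, and it assumes the rule is attached to the outbound (forwarding) virtual server that ServerA's traffic passes through.

```tcl
when RULE_INIT {
    # Hypothetical placeholder addresses; replace with real values.
    set static::server_a   192.0.2.10     ;# ServerA (source)
    set static::ext_dest   203.0.113.25   ;# the one external destination
    set static::egress_ip  198.51.100.7   ;# dedicated translation address for this flow
}

when CLIENT_ACCEPTED {
    # IP::client_addr = original source, IP::local_addr = original destination.
    # IP::addr compares the values as addresses rather than as strings.
    if { [IP::addr [IP::client_addr] equals $static::server_a] &&
         [IP::addr [IP::local_addr]  equals $static::ext_dest] } {

        # Override source translation for this connection only.
        snat $static::egress_ip

        # Audit trail: which flow was given the dedicated address.
        log local0.info "dest-SNAT: [IP::client_addr]:[TCP::client_port] ->\
            [IP::local_addr]:[TCP::local_port] translated to $static::egress_ip"
    }
    # No else branch: any other source or destination keeps the
    # source address translation configured on the virtual server.
}
```

The `TCP::` commands in the log line assume a TCP virtual server. If an upstream firewall permits the external destination only from the dedicated address, the other two servers remain blocked there because they never receive that translation.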