For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
Aug 15, 2017

Use iRule to SNAT based on Destination IP address without using a SNAT Pool.

I've seen an answer for a similar question on here, but the solution was to use a SNAT pool. Here's my situation:   ServerA that needs to reach out to an external IP address. ServerA is in a SNA...
application delivery
BIG-IP
devops
f5irule
local traffic policy
snat
janholtz's avatar
janholtz
Icon for Altostratus rankAltostratus
Aug 15, 2017

Hi

I don't quite understand the question.

A SNAT pool is a group of IP addresses that could be used as source IP's on the F5 ... Do you mean that ServerA has the SAME IP address as one that is in the SNAT pool?

Do you need to conditinally SNAT traffic coming from Server A, in the event that it is destined for a specific external IP?

if so:

//

when RULE_INIT {
    set ServerA 192.168.1.1
    set DestinA 10.0.0.1
}

when CLIENT_ACCEPTED {
    if { [IP::client_addr] equals $ServerA && [IP::remote_addr] equals $DestinA } {
        snat $ServerA
    }
}

//Jan