Using "Intelligent SNAT" for outbound traffic?
I'm reading on SNAT, specifically outbound. I have an address translation that is working fine, but I need to use a different SNAT if I'm connecting to a specific remote host. I'm trying to figure out if there's a way to use the "Intelligent SNAT" to accomplish this.
e.g.;
Outbound traffic is being SNAT'd to 10.10.10.20, but if I establish a connection to 192.168.45.65, from 10.1.0.10 (behind F5), I want the snat address to be 10.10.20.50.
Any help appreciated...
2 Replies
this is a quite common question, with a little searching you should be able to find what you need.
this SOL gives a start: http://support.f5.com/kb/en-us/solutions/public/7000/800/sol7820.html
there they do it based on port, you want it on destination address, the iRule wiki (or again some searching) will be able to help with that.
if you got an irule ready post it for feedback.
there are a couple of issues with that iRule
SERVER_CONNECTED won't be hit until there is a connection with the server, that connection needs to use the SNAT address you want so you should do this earlier, the CLIENT_ACCEPTED event is a good one.
then you do need to swap [IP::remote_addr] to [IP::local_addr] as that is the IP of the server you are connecting to (seems weird, but this is looking from the big-ip point of view)
i mocked something up that works fine on a forwarding IP or performance L4 virtual server
```tcl
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::local_addr] equals 30.30.30.30/24] } {
        snat 10.10.20.50
    } elseif { [IP::addr [IP::local_addr] equals 40.40.40.40/32] } {
        snat 10.10.10.20
    } else {
        snat none
    }
}
```
now it is up to you to add the classmatch stuff again if you need it. again if you get stuck post here.
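An added example, not part of the replies above or of F5's documentation: the same destination-based SNAT selection driven by a data group, with a log line so each translated connection can be traced back to its real client address. The data group name `snat_by_destination` and its record are assumptions, built from the addresses in the question.

```tcl
# Added example. Assumes an address-type data group named
# snat_by_destination (hypothetical name) whose records map a destination
# host or network to the SNAT address to use, for example:
#   192.168.45.65/32 := 10.10.20.50
when CLIENT_ACCEPTED {
    # On a forwarding IP or performance L4 virtual server, IP::local_addr
    # is the destination the client is connecting to (the BIG-IP's view).
    set dst [IP::local_addr]

    if { [class match $dst equals snat_by_destination] } {
        # Fetch the SNAT address stored as the value of the matching record.
        set snat_ip [class match -value $dst equals snat_by_destination]
        snat $snat_ip

        # Record the real client behind the translated address, so that
        # firewall and server logs showing $snat_ip can be attributed.
        # This logs once per connection; rate or volume may need tuning.
        log local0.info "SNAT [IP::client_addr] to $dst via $snat_ip"
    } else {
        # Default outbound translation from the question.
        snat 10.10.10.20
    }
}
```

Keeping the mapping in a data group means a new destination is a data group record change rather than an iRule edit, which is easier to review and audit.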