wildcard VS and SNAT

Question

Hey! 
I'm trying to write a SNAT irule for a wildcard virtual server(Forwarding IP), so if it's RFC1918 address don't do snat and when it's any other then snat outside interface float ip. The F5 "snat automap" doesn't work really well - so it sometimes works, sometimes doesn't. 
This is what i've come up to this point. Is this kinda thing even possible what I'm trying to achieve?
when CLIENT_ACCEPTED { 
  switch [IP::remote_addr] { 
    10.0.0.0/8 {
        snat none } 
    172.16.0.0/12 { 
        snat none } 
    192.168.0.0/16 {
        snat none } 
    default {
        snat 8.8.8.8  }
  } 
}

Thanks!

crodriguez · Answer

Certainly the solution you are trying to achieve is possible. Your current approach needs some tweaking though in order to get it to work. You cannot make a comparison of a raw IP address with a network address range without incorporating the IP::addr command. For example [IP::addr [IP::client_addr] equals 10.0.0.0/8] checks to see if the client's IP address is in the 10.0.0.0/8 network. It will probably be easier to do this check from an IF statement rather than a SWITCH. Something like this perhaps:
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] ||
         [IP::addr [IP::client_addr] equals 172.16.0.0/12] ||
         [IP::addr [IP::client_addr] equals 192.168.0.0/16] } {
        snat none
    } else {
        snat 8.8.8.8
    }
}

Forum Discussion

wildcard VS and SNAT

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Wildcard Parameter signature attack

Wildcard in SNAT

SNAT IP address logging

iRule http host with wildcard domain

SNAT pool persistence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS