Forum Discussion

Nimbostratus

Mar 27, 2018

wildcard VS and SNAT

Hey! I'm trying to write a SNAT irule for a wildcard virtual server(Forwarding IP), so if it's RFC1918 address don't do snat and when it's any other then snat outside interface float ip. The F5 "s...

Ret. Employee

Mar 27, 2018

Certainly the solution you are trying to achieve is possible. Your current approach needs some tweaking though in order to get it to work. You cannot make a comparison of a raw IP address with a network address range without incorporating the IP::addr command. For example [IP::addr [IP::client_addr] equals 10.0.0.0/8] checks to see if the client's IP address is in the 10.0.0.0/8 network. It will probably be easier to do this check from an IF statement rather than a SWITCH. Something like this perhaps:

when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] ||
         [IP::addr [IP::client_addr] equals 172.16.0.0/12] ||
         [IP::addr [IP::client_addr] equals 192.168.0.0/16] } {
        snat none
    } else {
        snat 8.8.8.8
    }
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

wildcard VS and SNAT

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Wildcard Parameter signature attack

Wildcard in SNAT

SNAT IP address logging

iRule http host with wildcard domain

SNAT pool persistence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS