Route domain SNAT and NAT implementation
Problem this snippet solves:
According to Solution 9933 on AskF5, NATs and SNATs do not forward traffic within route domains. This limitation is difficult to work around, but the iRule below is an effective way to create NATs and SNATs on LTM v10.0.x with route domains.
How to use this snippet:
Dependencies
This iRule depends on a single data group (class) of type string named iSnat_List. It also needs at least 1 virtual server for SNAT only, or 2 if you want NAT functionality.
Example Class
Class definition in BIG-IP
class iSnat_List {
   type string
   filename "/var/class/iSnat_List"
}
Class file contents
"<Source IP in IPv4%RD notation>" := "<Snat IPv4%RD>",

[root@b3400-2:Active] config # cat /var/class/iSnat_List
"10.1.161.21%1101" := "10.2.161.21%1102",
"10.1.161.22%1101" := "10.2.161.22%1102",
Example Snat Forwarding Virtual
virtual outbound-snat {
   ip forward
   destination any%1101:any
   mask 0.0.0.0
   rules iSnat_RD
   vlans external enable
}
Example NAT Inbound Virtual with Pool
virtual inbound-NAT-10.2.161.21 {
   pool inbound-NAT-10.2.161.21
   destination 10.2.161.21%1102:any
   vlans internal enable
}
pool inbound-NAT-10.2.161.21 {
   monitor all gateway_icmp
   members 10.1.161.21%1101:any {}
}
Code :
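rule iSnat_RD {
when CLIENT_ACCEPTED {
   # Look up the client address (IPv4%RD) in the iSnat_List data group
   set entry [class search -value iSnat_List equals [IP::client_addr]]
   if { $entry ne "" } {
      # Translate the source address to the matching SNAT address
      snat $entry
      # Forward to the original destination IP in the SNAT address's route domain
      node [getfield [IP::local_addr] "%" 1]%[getfield $entry "%" 2]
      #log local0. "snating src-ip [IP::client_addr] to $entry to node [getfield [IP::local_addr] "%" 1]%[getfield $entry "%" 2]."
   } else {
      log local0. "no Snat found for [IP::client_addr]"
   }
}
}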
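As an added example (not part of the original snippet and not F5 code), the Python below checks an iSnat_List class file offline before it is loaded and mirrors the iRule's lookup, so the SNAT and node addresses a given connection would get can be previewed. The function names and the 192.0.2.10 destination used when calling it are assumptions; the sample records are constructed from the class file shown above.

```python
import ipaddress
import re

# One class-file record: "<IPv4>%<RD>" := "<IPv4>%<RD>",
RECORD = re.compile(r'"([^"%]+)%(\d+)"\s*:=\s*"([^"%]+)%(\d+)",?')

# Constructed sample input, modelled on the class file shown above.
SAMPLE = '''"10.1.161.21%1101" := "10.2.161.21%1102",
"10.1.161.22%1101" := "10.2.161.22%1102",
'''


def parse_isnat_list(text):
    """Return ({source: snat}, [problems]) for class-file text."""
    table, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = RECORD.fullmatch(line)
        if m is None:
            # Typographic quotes pasted from a web page are rejected here too.
            problems.append(f'line {lineno}: expected "IPv4%RD" := "IPv4%RD",')
            continue
        src_ip, src_rd, snat_ip, snat_rd = m.groups()
        try:
            ipaddress.IPv4Address(src_ip)
            ipaddress.IPv4Address(snat_ip)
        except ipaddress.AddressValueError:
            problems.append(f"line {lineno}: invalid IPv4 address")
            continue
        src = f"{src_ip}%{src_rd}"
        if src in table:
            problems.append(f"line {lineno}: duplicate source {src}")
            continue
        table[src] = f"{snat_ip}%{snat_rd}"
    return table, problems


def translate(table, client_addr, local_addr):
    """Mirror the iRule: return (snat, node), or None when no entry matches."""
    entry = table.get(client_addr)
    if entry is None:
        return None
    # node = destination IP without its route domain, plus the SNAT's route domain
    dest_ip = local_addr.split("%", 1)[0]
    return entry, f"{dest_ip}%{entry.split('%', 1)[1]}"
```

For example, translate(table, "10.1.161.21%1101", "192.0.2.10%1101") returns the SNAT address 10.2.161.21%1102 and the node 192.0.2.10%1102, while a source with no record returns None, the case the iRule logs as "no Snat found".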
Published Mar 18, 2015
Version 1.0
Michael_Earnhar
Historic F5 Account
Joined October 30, 2008