Paul_Farag_1097
Nov 08, 2007 | Nimbostratus
Conditional SNATing
I am a little confused. I wrote an iRule to perform SNATs for certain IPs and not for other IPs. The iRule I wrote is as follows:
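when CLIENT_ACCEPTED {
    # First matching class wins; the client address is tested against each class in order.
    if { [matchclass [IP::client_addr] equals $::NO_SNAT] } {
        # Clients in NO_SNAT: no SNAT pool is selected, the connection is handed to forward
        forward
    } elseif { [matchclass [IP::client_addr] equals $::SNAT_GROUP02] } {
        snatpool SNAT_POOL1
    } elseif { [matchclass [IP::client_addr] equals $::NAT_GROUP03] } {
        snatpool SNAT_POOL2
    } elseif { [matchclass [IP::client_addr] equals $::NAT_GROUP04] } {
        snatpool SNAT_POOL3
    } elseif { [matchclass [IP::client_addr] equals $::NAT_GROUP05] } {
        snatpool SNAT_POOL4
    } elseif { [matchclass [IP::client_addr] equals $::NAT_GROUP06] } {
        snatpool SNAT_POOL5
    } else {
        # No class matched: record the client address, then forward
        log local0.info "No SNAT class matched for client [IP::client_addr]"
        forward
    }
}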
The logic looks OK, but when I tested this I sourced my telnets from an IP in NAT_GROUP03, and I was never seeing the packet reach the pool. However, once I removed the top if statement and forward statement, the iRule worked. It looks like having the forward at the top of the ifs did not allow this iRule to work.
My question is: what is the logic for the forward? The DevCentral wiki did not have anything, but the command has been available since 9.0.0. Any help would be much appreciated.