shawmcbigdis_84
Jul 23, 2009Nimbostratus
SNAT iRule problem
I'm trying to get snat to work for only outbound internet connections, not for internal addresses. I am using the following rule;
when SERVER_CONNECTED {
Compare destination address with the pre-defined
class of RFC1918 non-routable addresses
If not in that group, automap-SNAT the connection
log local0. "in SERVER_CONNECTED with [IP::server_addr]"
if {not [matchclass [IP::server_addr] equals ::private_net] } {
snat automap
log local0. "[IP::client_addr] client address"
log local0. "[IP::local_addr] local address"
}
}
the rule does not throw any errors, but the snat is not functioning. When I have this rule as in place on our default rout VIP with SNAT off on the VIP it logs the client and local IP's as the IP of the physical box. When I turn snat on on hte VIP it logs the local ip of the BigIP for the client address (and NAT'ing works obviously)
I'm pretty new to, and not very good at this whole iRule thing, so I'm sure it's something little that I'm missing.
Thanks