Aaron,
Thanks for the reply, I not sure if I stated my issue very well or just to dumb to follow your example. I really just want to snat the web servers address when making a call to my internal web sites not from any where else. Iwas thinking of using the following Irule for that:
when CLIENT_ACCEPTED {
checks to see if client_addr = any in the class
if { [matchclass [IP::client_addr] equals $::Hosts]} {
checks to see if the class contains the server_port requested
if { [matchclass [TCP::server_port] equals $::Ports]} {
if above are correct snat to this address
snat 192.168.100.12
} else {
if all don't match just forward without address rewrite.
forward
}
}
}
I would also need to set up a couple of data group list but I don't see how to do that and can't find any doc's on it. I don't see how the above Irule uses the groups to check source ip and port.
class Hosts {
10.0.0.1
10.0.0.2
10.0.0.23
}
class Ports {
443