Change TCP and UDP IP address

Is there a way to change TCP or UDP headers?
For example: if some user makes a request to some website, let’s say www.av.com ( the iRule sees that IP and changes it to something like ( in order to redirect the traffic.
The same if they use ssh or telnet or any kind of traffic.

Something like

set old_IP [scan [IP::local_addr] "%d.%d.%d.%d"]
if $old_IP
set new “”
set new_ip [binary format c4 $new]
TCP::header replace (“ip address”) $new_ip ??????

3 Answer(s):

It looks like you have a wildcard VIP defined where you don't know what the destination IP will be and only want to perform destination address translation for some of the addresses. If that's the case, I'd suggest configuring additional IP Forwarding VIPs for the addresses you do want to perform address translation for. Set the pool to be the translated address. If you want the translation done for any destination port, set the VIP and pool member port to 0.

If you have a lot of addresses you want to translate, you could use the node command to do it. Make sure to use IP::addr to evaluate the IP address. This is more efficient than a string comparison.

What I want to do is address translation for all public IPs, turning them into private IPs.
I want to trick a router that has a default route to This router sends all unknown traffic to the Internet via the router with the IP, but I need it to sometimes send all traffic to another router I mean, I need that default route, but sometimes I do not (what I am trying to do is like a dynamic default route).

I need that, when all the traffic goes through the LTM, an iRule changes the public IP to a private one, let’s say to, then all traffic goes through the first router. When the packets arrive at the second LTM, another iRule changes the private one to a public IP again (the original) to

I will hide the public IP in the payload this way:

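# split the dotted-quad address into a list of four integers
set xx [scan [IP::remote_addr] "%d.%d.%d.%d"]
# pack the four integers into four raw bytes
set yy [binary format c4 $xx]
# insert the four bytes at the start of the collected payload
TCP::payload replace 0 0 $yy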
#here I need to change any public IP by a private ( to or ( to or any public IP to

Then in the second LTM (iRule 2) I am going to look for the original IP and put it back again

# zz receives the number of fields converted; xx receives the first four payload bytes
set zz [binary scan [TCP::payload] a4 xx]
#here I need to put the public IP again (the original)

Can it be performed with the node command?
I suppose it could be possible to do this as you've described using the node command. You'd need to have address translation enabled on the VIP you try this with.

This seems like a lot of hoops to jump through in order to hack together routing. Can't you change the routing on the intermediate router?
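The node and IP::addr approach suggested in the answers, sketched as an iRule for a wildcard virtual server with address translation enabled. This is an added example, not code posted in the thread; every address is a constructed documentation-range placeholder, and the TCP-only port handling and the log line are assumptions.

```tcl
# Added example, not from the thread. All addresses below are constructed
# placeholders; replace them with the real public and private addresses.
when CLIENT_ACCEPTED {
    # On a wildcard virtual server the destination the client asked for
    # is the local side of the client-side connection.
    set orig_dst  [IP::local_addr]
    set orig_port [TCP::local_port]

    # Compare as addresses with IP::addr, not as strings.
    if { [IP::addr $orig_dst equals 198.51.100.0/24] } {
        # Whole range goes to one private next hop, original port kept.
        set new_dst 10.10.10.1
    } elseif { [IP::addr $orig_dst equals 203.0.113.25] } {
        # Single host translated to a different private address.
        set new_dst 10.10.20.1
    } else {
        # No match: leave the connection to the virtual server's
        # default behaviour and do not translate.
        return
    }

    # Destination address translation: bypass load balancing and send
    # the connection straight to the chosen address.
    node $new_dst $orig_port

    # The original destination is no longer visible downstream, so record
    # the mapping here for later troubleshooting or incident review.
    log local0.info "xlate [IP::client_addr] ${orig_dst}:${orig_port} -> ${new_dst}:${orig_port}"
}
```

Unlike writing the address into the TCP payload, this leaves the application data untouched, so protocols such as ssh and TLS are not corrupted by extra bytes.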

