Do you know how I can "simulate" a NAT using a virtual server?
This is just a test; it may not be fully correct.
Platform and version
root@(B4200-R76-S10)(cfg-sync Standalone)(Active)(/Common)(tmos) show sys hardware | grep -A 4 Platform
Platform
Name BIG-IP 4200
BIOS Revision OBJ-0433-xx Build: 2.02.171.0 05/02/2014
Base MAC 00:23:e9:8d:03:80
root@(B4200-R76-S10)(cfg-sync Standalone)(Active)(/Common)(tmos) show sys version | grep -A 5 Product
Product BIG-IP
Version 11.5.1
Build 8.0.175
Edition Hotfix HF8
Date Mon Feb 9 00:49:11 PST 2015
NAT configuration (the behaviour to reproduce)
[root@B4200-R76-S10:Active:Standalone] config tmsh list ltm nat test
ltm nat test {
inherited-traffic-group true
originating-address 200.200.200.101
traffic-group traffic-group-1
translation-address 101.101.101.101
}
Trace (outbound, then inbound, through the NAT)
[root@B4200-R76-S10:Active:Standalone] config tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
03:48:42.252624 IP 200.200.200.101.58123 > 101.101.101.6.80: S 2652003240:2652003240(0) win 5840 in slot1/tmm3 lis=
03:48:42.252683 IP 101.101.101.101.30203 > 101.101.101.6.80: S 2652003240:2652003240(0) win 5840 out slot1/tmm3 lis=/Common/test,SRC_NAT
[root@B4200-R76-S10:Active:Standalone] config tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
03:48:53.868216 IP 101.101.101.6.56619 > 101.101.101.101.80: S 3744296679:3744296679(0) win 5840 in slot1/tmm3 lis=
03:48:53.868298 IP 101.101.101.6.11327 > 200.200.200.101.80: S 3744296679:3744296679(0) win 5840 out slot1/tmm3 lis=/Common/test,DST_NAT
Virtual server for outbound traffic
[root@B4200-R76-S10:Active:Standalone] config tmsh list ltm virtual outbound
ltm virtual outbound {
destination 0.0.0.0:0
ip-forward
mask any
profiles {
fastL4 { }
}
source 200.200.200.101/32
source-address-translation {
pool snat_101.101.101.101
type snat
}
source-port preserve-strict
translate-address disabled
translate-port disabled
vlans {
internal
}
vlans-enabled
vs-index 4
}
[root@B4200-R76-S10:Active:Standalone] config tmsh list ltm snatpool snat_101.101.101.101
ltm snatpool snat_101.101.101.101 {
members {
101.101.101.101
}
}
Trace (outbound through the virtual server; the source port is preserved here, unlike in the NAT trace)
[root@B4200-R76-S10:Active:Standalone] config tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
03:39:19.646364 IP 200.200.200.101.58120 > 101.101.101.6.80: S 800989615:800989615(0) win 5840 in slot1/tmm0 lis=
03:39:19.646591 IP 101.101.101.101.58120 > 101.101.101.6.80: S 800989615:800989615(0) win 5840 out slot1/tmm0 lis=/Common/outbound
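Virtual server for inbound traffic (destination port 0 with source 0.0.0.0/0 forwards every port of 101.101.101.101 to 200.200.200.101 for any client on the external VLAN; narrow the destination port or the source range if only specific services should be reachable)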
[root@B4200-R76-S10:Active:Standalone] config tmsh list ltm virtual inbound
ltm virtual inbound {
destination 101.101.101.101:0
mask 255.255.255.255
pool pool_200.200.200.101
profiles {
fastL4 { }
}
source 0.0.0.0/0
source-port preserve-strict
translate-port disabled
vlans {
external
}
vlans-enabled
vs-index 6
}
[root@B4200-R76-S10:Active:Standalone] config tmsh list ltm pool pool_200.200.200.101
ltm pool pool_200.200.200.101 {
members {
200.200.200.101:0 {
address 200.200.200.101
}
}
}
Trace (inbound through the virtual server)
[root@B4200-R76-S10:Active:Standalone] config tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
03:41:53.120330 IP 101.101.101.6.56612 > 101.101.101.101.80: S 3185620727:3185620727(0) win 5840 in slot1/tmm2 lis=
03:41:53.120856 IP 101.101.101.6.56612 > 200.200.200.101.80: S 3185620727:3185620727(0) win 5840 out slot1/tmm2 lis=/Common/inbound