Glenn_32974
Sep 17, 2010

Direct traffic to proper pool after being snat'd!

Hello

I have written the following iRule (a basic one) with the intention to direct traffic to a proper pool after it has been snat'd on the way out.

I need to have host 10.44.17.30 get snat'ed to snatpool E_File (2 members: 190.216.X.Y & 190.145.X.Y) and, after it has been snat'd, choose a proper pool.

According to the SnatPool, iRule and tcpdump statistics, I see traffic is actually being snat'd,

but I don't see either Pool Global or Pool Telmex being hit! And traffic is going out via pool Default_Gateway_Pool_SMTP instead!

    when CLIENT_ACCEPTED {
        if { [IP::client_addr] equals "10.44.17.30" } {
            snatpool E_File
            rateclass Fac_Dig
            if { [IP::client_addr] equals "190.216.X.Y" } {
                # Pool_Global: pool of 1 member: 201.234.X.Y:25
                pool Pool_Global
            } elseif { [IP::client_addr] equals "190.145.X.Y" } {
                # Pool_Telmex: pool of 1 member: 190.145.X.Y:25
                pool Pool_Telmex
            }
            log local0. "Valid client IP: [IP::client_addr] - HostName"
        } else {
            pool Default_Gateway_Pool_SMTP
            log local0. "Valid client IP: [IP::client_addr] - HostName"
        }
    }

Is there something wrong with this iRule?

Thanks in advance!

Glenn

6 Replies

  • Since you're using "client_accepted", the traffic hasn't been SNATed and therefore LTM will see the original client IP and not the SNAT IP...I'll have to think about options here.

    May I ask why you're using a SNAT address from different pools? If these are firewalls/gateways, you could maybe use automap?
  • Hi Chris,

    I have defined the following Pool:

    SnatPool E_File with 2 members:

    1. 190.216.X.Y

    2. 201.234.X.Y

    The idea behind this is to translate source address 10.44.17.30 to either the 190.216.X.Y or the 201.234.X.Y SNAT address,

    because this is bulk email traffic and sometimes it gets blacklisted, so the customer needs to have this specific SMTP traffic leave the network with the above addresses.

    Did I explain clearly?

    I'm working with Link Controller and I need to send traffic over one link (Pool Global) if traffic gets SNAT'ed to 201.234.X.Y, or the other link (Pool Telmex) if traffic gets SNAT'ed to 190.216.X.Y.

    Thanks for your response!


  • I see now...why not just make one pool that has the link for 201.234.x.y and 190.216.x.y. Then, SNAT from within the LB_SELECTED event so if the chosen pool member is the 201.234.x.y link, we use that address.
  • Sounds good! Sorry for the delay in the response!

    Let me see how I can work this iRule out... I'm not really an expert.

    Thx Chris
  • I'd do the following:

    1. Define snat pool that contains address 201.234.x.y, let's call it "snatpool_201"

    2. Define snat pool that contains address 190.216.x.y, let's call it "snatpool_190"

    3. Create pool that contains gateway for "201.234.x.y and 190.216.x.y"

    4. Create Virtual Server with the above as default pool.

    Use a rule like this:

    
    when LB_SELECTED {
        # SNAT from the pool that matches the selected gateway (link)
        if { [LB::server addr] eq "190.216.x.y" } {
            snatpool snatpool_190
        } elseif { [LB::server addr] eq "201.234.x.y" } {
            snatpool snatpool_201
        }
    }
    

    That should compile...let me know if it doesn't.
  • Hi Chris!

    Sorry for the late update! Your recommendation worked as expected!

    Thx for the support on this one!

    G
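
The point made in the replies (the client-side address is always the original source; the SNAT address exists only on the server side), as an added iRule sketch that is not part of the original thread: it applies the per-link SNAT pool at LB_SELECTED and logs the translated source at SERVER_CONNECTED so the link-to-SNAT mapping can be checked in /var/log/ltm. The snatpool names come from the reply above; the `x.y` octets are the thread's redactions and have to be replaced with the real gateway addresses.

```tcl
when CLIENT_ACCEPTED {
    # Client side: this is always the original source (e.g. 10.44.17.30).
    # The SNAT address never shows up in IP::client_addr.
    set orig_src [IP::client_addr]
}

when LB_SELECTED {
    # The gateway (link) picked by the pool decides which SNAT pool is used.
    switch -- [LB::server addr] {
        "190.216.x.y" { snatpool snatpool_190 }
        "201.234.x.y" { snatpool snatpool_201 }
        default {
            # A gateway with no mapping would leave with an unexpected source.
            log local0.warning "No SNAT pool mapped for gateway [LB::server addr] (client $orig_src)"
        }
    }
}

when SERVER_CONNECTED {
    # Server side: IP::local_addr is the source address the BIG-IP used,
    # i.e. the SNAT address actually applied to this connection.
    log local0.info "client $orig_src -> gateway [IP::server_addr] sourced from [IP::local_addr]"
}
```

Per-connection logging is meant for verification; remove or rate-limit it once the mapping is confirmed.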