SNAT based on destination IP

Question

Hi,&nbsp;
&nbsp;I would need a solution for the following requirement.&nbsp;
&nbsp;I have a pool of servers and their internal IP addresses are e.g.:&nbsp;
&nbsp;pool POOL_WITH_6NODES {
&nbsp;   lb method member least conn
&nbsp;   action on svcdown reset
&nbsp;   monitor all tcp
&nbsp;   members
&nbsp;      192.168.1.1:1234
&nbsp;      192.168.1.2:1234
&nbsp;      192.168.1.3:1234
&nbsp;      192.168.1.4:1234
&nbsp;      192.168.1.5:1234
&nbsp;      192.168.1.6:1234
&nbsp;}&nbsp;
&nbsp;Then I have 3 VIPs that all use the same pool of servers e.g.:&nbsp;
&nbsp;virtual VS_NODES_1 {
&nbsp;   pool POOL_WITH_6NODES
&nbsp;   destination 172.1.1.1:1234
&nbsp;   ip protocol tcp
&nbsp;}
&nbsp;virtual VS_NODES_2 {
&nbsp;   pool POOL_WITH_6NODES
&nbsp;   destination 172.1.1.2:1234
&nbsp;   ip protocol tcp
&nbsp;}
&nbsp;virtual VS_NODES_3 {
&nbsp;   pool POOL_WITH_6NODES
&nbsp;   destination 172.1.1.3:1234
&nbsp;   ip protocol tcp
&nbsp;}&nbsp;
&nbsp;What I need is that when any one of my 6 servers will connect to external host e.g. host1=10.1.1.1 then the internal IP will be SNATted to 172.1.2.100
&nbsp;host2=10.2.2.2 then the internal IP will be SNATted to 172.1.2.101
&nbsp;host3=10.3.3.3 then the internal IP will be SNATted to 172.1.2.102&nbsp;
&nbsp;How can I do this?&nbsp;&nbsp;&nbsp;&nbsp;

hamish · Answer

You passing through a firewall? If so, NAT there. 
&nbsp;  
&nbsp; If not... 
&nbsp;  
&nbsp; You could create a VS that the outbound traffic is forwarded through. If these are the only 6 servers on the VLAN, you can set SNAT on the VS. If there's more servers on the VLAN and you don't want to SNAT them, then you could put an iRule on the VS to check the clientip and perform a SNAT if and only if the clientip is one of the 6 and the destip is the target (Or in a target list) [Note, I'd use a datagoup/class for holding the IP addresses of the clients and servers... 
&nbsp;  
&nbsp; H

nitass · Answer

e.g. 
  
 [root@iris:Active] config  b class myservers list
class myservers {
   {
      host 192.168.1.1
      host 192.168.1.2
      host 192.168.1.3
      host 192.168.1.4
      host 192.168.1.5
      host 192.168.1.6
   }
}

[root@iris:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
        if {[class match [IP::remote_addr] equals myservers]} {
                switch [IP::local_addr] {
                        "10.1.1.1" { snat 172.1.2.100 }
                        "10.2.2.2" { snat 172.1.2.101 }
                        "10.3.3.3" { snat 172.1.2.102 }
                        default {  do something }
                }
        }
}
}

juha_47876 · Answer

Thanks a lot!! :) I will try that on Monday

Forum Discussion

SNAT based on destination IP

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

Related Content

SNAT based on source and destination

Destination Snat Using DNS

Destination Based Routing

SNAT IP address logging

Different policies same destination and pool