source port translation/ port pool

Question

I need to either restrict the source ports used when snatting to specific ports per rule or set up a pool for a specific SNAT, I cannot see if this is possible to do if anyone can help?&nbsp;
&nbsp;Thanks&nbsp;
&nbsp;James&nbsp;

nitass · Answer

is it something like this? or do i misunderstand what you are asking? 
  
 [root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
        if {[IP::addr [IP::client_addr] equals 172.28.19.251/32]}{
                snat 200.200.200.222 2222
        }
}
}
[root@ve1023:Active] config  b snat translation list
snat translation 200.200.200.222 {}

[root@ve1023:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
17:33:08.241129 IP 172.28.19.251.36749 &gt; 172.28.19.79.80: S 87059803:87059803(0) win 5840 
17:33:08.241177 IP 172.28.19.79.80 &gt; 172.28.19.251.36749: S 3835525115:3835525115(0) ack 87059804 win 4380 
17:33:08.241895 IP 172.28.19.251.36749 &gt; 172.28.19.79.80: . ack 1 win 46 
17:33:08.241971 IP 200.200.200.222.2222 &gt; 200.200.200.101.80: S 3823560177:3823560177(0) win 4380 
17:33:08.241977 IP 172.28.19.251.36749 &gt; 172.28.19.79.80: P 1:156(155) ack 1 win 46 
17:33:08.243959 IP 200.200.200.101.80 &gt; 200.200.200.222.2222: S 2304621412:2304621412(0) ack 3823560178 win 5792 
17:33:08.243972 IP 200.200.200.222.2222 &gt; 200.200.200.101.80: . ack 1 win 4380 
17:33:08.243985 IP 200.200.200.222.2222 &gt; 200.200.200.101.80: P 1:156(155) ack 1 win 4380 
17:33:08.244979 IP 200.200.200.101.80 &gt; 200.200.200.222.2222: . ack 156 win 54 
17:33:08.246933 IP 200.200.200.101.80 &gt; 200.200.200.222.2222: P 1:263(262) ack 156 win 54 
17:33:08.246944 IP 172.28.19.79.80 &gt; 172.28.19.251.36749: P 1:263(262) ack 156 win 4535 
17:33:08.246948 IP 200.200.200.101.80 &gt; 200.200.200.222.2222: F 263:263(0) ack 156 win 54 
17:33:08.246954 IP 200.200.200.222.2222 &gt; 200.200.200.101.80: . ack 264 win 4642 
17:33:08.246958 IP 172.28.19.79.80 &gt; 172.28.19.251.36749: F 263:263(0) ack 156 win 4535 
17:33:08.247870 IP 172.28.19.251.36749 &gt; 172.28.19.79.80: . ack 263 win 54 
17:33:08.248824 IP 172.28.19.251.36749 &gt; 172.28.19.79.80: F 156:156(0) ack 264 win 54 
17:33:08.248842 IP 172.28.19.79.80 &gt; 172.28.19.251.36749: . ack 157 win 4535 
17:33:08.248847 IP 200.200.200.222.2222 &gt; 200.200.200.101.80: F 156:156(0) ack 264 win 4642 
17:33:08.249822 IP 200.200.200.101.80 &gt; 200.200.200.222.2222: . ack 157 win 54

Forum Discussion

source port translation/ port pool

1 Reply

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

Radware config translation

IPv6 Virtual Server to IPv4 pools translation

GTM Translation

Need Irule for redirection for port translation