How to use iRule to create SNAT based on destination ip address

Question

I'm use BIG-IP F5 Version: 11.1.0 (Build 1943.0)&nbsp;

&nbsp;
&nbsp;

I'm trying to configure outbound SNAT based on destination address.&nbsp;

&nbsp;
&nbsp;
I have three vlan on my f5. &nbsp;
For example, my vlan is public, front-end and back-end vlan.&nbsp;

&nbsp;
&nbsp;
I want to initiate outbound communication from front-end vlan to internet on public vlan.&nbsp;
I found I can use SNAT for it. And it work very well.&nbsp;

&nbsp;
&nbsp;
So if I initiate communication from front-end to back-end vlan. It use SNAT too.&nbsp;
But I don't want to use SNAT when communication from front-end to back-end vlan.&nbsp;

&nbsp;
&nbsp;
I'm want to use this iRule for solve this problem. But i don't know if this is the correct way to do it.&nbsp;
&nbsp;

&nbsp;
&nbsp;

when CLIENT_ACCEPTED {&nbsp;
if { [class match [IP::server_addr] equals private_net]} {&nbsp;
forward&nbsp;
} else {&nbsp;
snat 40.x.x.40&nbsp;
}&nbsp;
}&nbsp;
}&nbsp;
&nbsp;

&nbsp;
&nbsp;

Anyone could suggest some example iRules?
&nbsp;

the_bhattman · Answer

Hi Thananchai, 
&nbsp;    You will need to use [IP::local_addr] instead of [IP::server_addr].  This is because [IP::server_addr] is used when the server side connection is already established.  This is not established on the CLIENT_ACCEPTED event. 
&nbsp;  
&nbsp;  
&nbsp; I hope this helps, 
&nbsp; Bhattman

thananchai_pany · Answer

&nbsp; thank you very much 
&nbsp;  &nbsp;

Forum Discussion

How to use iRule to create SNAT based on destination ip address

2 Replies

Recent Discussions

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Related Content

Create a DevCentral account

Decoding the IPv4 address from the persistence cookie

CSV to Address External Datagroup File

Different policies same destination and pool

POC: Create and sign a JWT with iRule