Forum Discussion

Renevdb_80118's avatar
Renevdb_80118
Icon for Nimbostratus rankNimbostratus
Apr 13, 2012

Change outgoing NAT

Hi,

 

 

Looking for the irule that can change the outgoing IP address based on destination, I've seen it but can't find it anymore.

 

 

 

Background: We have multiple local subnets which we use currently use for outgoing connections. We need to migrate this to an F5 LC but can't use the standard (S)NAT. Later this will be moved to BGP to allow us to provide only one entry to vendors as our originating address.

 

 

 

Thanks for any help.

 

 

 

application delivery
dev
devops
iRules

7 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 13, 2012
    is it something like this? 

    when CLIENT_ACCEPTED {
   if { [class match -- [IP::local_addr] equals dest1_dg] } {
      snat 1.1.1.1
   } elseif { [class match -- [IP::local_addr] equals dest2_dg] } {
      snat 2.2.2.2
   } else {
      snat 3.3.3.3
   }
}
  • Renevdb_80118's avatar
    Renevdb_80118
    Icon for Nimbostratus rankNimbostratus
    Apr 13, 2012
    Thanks, yes that looks like what we are trying. Would it be possible to create pools for the sets1_dg and dest2_dg?
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 13, 2012
    Yes, you could assign a specific pool in each clause. 

    
when CLIENT_ACCEPTED {
   if { [class match -- [IP::local_addr] equals dest1_dg] } {
      snat 1.1.1.1
      pool pool_a
   } elseif { [class match -- [IP::local_addr] equals dest2_dg] } {
      snat 2.2.2.2
      pool pool_b
   } else {
      snat 3.3.3.3
      pool pool_c
   }
}

    Aaron
  • Renevdb_80118's avatar
    Renevdb_80118
    Icon for Nimbostratus rankNimbostratus
    Apr 13, 2012
    Will something like this work?

     

     

    when CLIENT_ACCEPTED {

     

    if { [class match -- [IP::local_addr] equals pool pool_a] } {

     

    snat 1.1.1.1

     

    } elseif { [class match -- [IP::local_addr] equals pool pool_b] } {

     

    snat 2.2.2.2

     

    } else {

     

    snat 3.3.3.3

     

    }

     

    }
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 14, 2012
    dest1_dg and dest2_dg are data group containing destination ip address. why do you want to use pool (in class match) instead??
  • Renevdb_80118's avatar
    Renevdb_80118
    Icon for Nimbostratus rankNimbostratus
    Apr 17, 2012
    We will have multiple destinations which need the same originating address.

     

     

    Example google.com can resolve to multiple IP addresses.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 17, 2012
    We will have multiple destinations which need the same originating address.

     

     

    Example google.com can resolve to multiple IP addresses.yes, that is why we use data group containing those destination addresses, don't we?