Forum Discussion

thebishop_10153's avatar
thebishop_10153
Icon for Nimbostratus rankNimbostratus
Feb 15, 2013

SNAT iRule

I am trying to write a SNAT rule that will use a data group to map the client address to a specific SNAT in version 10.2.3. Due to the protocol, we need this functionality to allow traceability in our environment. The iRule never returns a value from the data group. I have tried many formats for the string group, but no luck in matching. Am I not formating the data group correctly or am I having trouble comparing the string to the address? I've tried many different ways to format the class match line as well.

 

class snat_map {

 

{

 

"\"10.100.61.150\" := { \"10.146.1.7\" }"

 

"\"10.100.61.150\" { \"10.146.1.3\" }"

 

"10.100.61.150 := { \"10.146.1.4\" }"

 

"10.100.61.150 { \"10.146.1.6\"}"

 

"10.100.61.150 { 10.146.1.5 }"

 

"10.100.61.150:=10.146.1.3"

 

}

 

}

 

 

rule snat_rule {

 

when CLIENT_ACCEPTED {

 

TCP::collect 8

 

set srcip [IP::client_addr]

 

log local0. "Entering iRule snat_rule $srcip"

 

set snat_address [class match -value "$srcip" equals snat_map]

 

log local0. "snat_address is $snat_address"

 

if { "$snat_address" ne "" } {

 

log local0. "Using address $snat_address"

 

snat $snat_address

 

}

 

Use default SNAT pool if not found

 

}

 

}

 

Feb 15 07:02:55 local/tmm1 info tmm1[2858]: Rule slp_snap_rule : Entering iRule slp_snat_rule 10.100.61.150

 

Feb 15 07:02:55 local/tmm1 info tmm1[2858]: Rule slp_snap_rule : snat_address is

 

8 Replies

  • e.g.

    [root@ve10:Active] config  b class snat_map list
    class snat_map {
       "10.100.61.150" { "10.146.1.7" }
    }
    [root@ve10:Active] config  b rule myrule list
    rule myrule {
       when RULE_INIT {
       set srcip "10.100.61.150"
       log local0. "\[class match -value $srcip equals snat_map\] [class match -value $srcip equals snat_map]"
    }
    }
    
    [root@ve10:Active] config  cat /var/log/ltm
    Feb 16 09:39:50 local/tmm info tmm[4909]: Rule myrule : [class match -value 10.100.61.150 equals snat_map] 10.146.1.7
    
    
  • I receive the following error when I use this format.

     

     

    01070151:3: Rule [snat_rule] error: line 6: [wrong args] [class match - value $srcip equals snat_map]

     

     

    If I put quotes around the srcip variable it will compile, but it won't match anything in the class.
  • Below if the latest.

     

     

    when CLIENT_ACCEPTED {

     

    TCP::collect 8

     

    set snat_address [class match -value "[IP::client_addr]" equals snat_map]

     

    log local0. "snat_address is $snat_address"

     

    if { "$snat_address" ne "" } {

     

    snat $snat_address

     

    }

     

    }

     

     

    class snat_map {

     

    "\"10.100.61.150\" { \"10.146.1.7\" }"

     

  • The rule code looks good to me. It saves OK on my v11.3 VE.

     

     

    Did you miss the closing } for the Class configuration?

     

     

    Interesting that the error references line 6, has the rule changed since you posted the error message?
  • If I use the string in data group, the snat is executed in v11.x????

     

     

    Tks

     

    Luis