Nicola_DT
Sep 22, 2008Nimbostratus
Irule and snat pool
Hi,
am getting stressed out...
I have to manage a thing that sounds like:
Some traffic from client A and B that are in vlan Internal have to cross the Bigip and reach servers X, Y and Z that are in Vlan 2 external.
Traffic does not need to be balanced, just to cross the box.
Nothing easier, just use the forwarding ip virtual pool !
Good
Fact is that I also need that:
-traffic from client A and B going to any Server and communicating with tcp port 20000 must be assigned a snat ip address that I have devined in snat_pool_1
-traffic from client A and B going to any Server and communicating with tcp port 21000 must be assigned a snat ip address that I have devined in snat_pool_2
I am trying to manage it with irules (with simple forwarding virtual pool I cannot filter by source address), and I wrote a rule that sounds like this:
when CLIENT_ACCEPTED {
if {
{[IP::addr [IP::client_addr] equals "10.130.167.23 mask 255.255.255.255"]
and [if TCP::local_port == 28080]
}
or
{
[IP::addr [IP::client_addr] equals "10.130.167.24 mask 255.255.255.255"]
and [if TCP::local_port == 28080]
}
}
{use snatpool snat_pool_1}
}
And same rule for snat pool 2
But it gives me several errors...
Anyone can give me a hand on this ?
Thanx everybody.
Nicola.