Forum Discussion

bweber_12801
Dec 16, 2008

iRule to SNAT based on IP

I am trying to set up an iRule that will send traffic from a specific host behind my F5 out a specific IP. I have a WildCard VS and an SNAT applied to the WildCard VS called "email" that directs all outbound traffic out my x.x.x.5 IP. I have a mail server sitting behind the F5 at 192.0.0.60. I want all traffic outbound from 192.0.0.60 to go out x.x.x.4 and not x.x.x.5. I also want to have all other traffic continue going out x.x.x.5. The iRule that F5 support recommended that I use is:

 

 

     when CLIENT_ACCEPTED {
        if { [IP::client_addr] equals "192.0.0.60" } {
           use snat x.x.x.4
        } else {
           use snat x.x.x.5
        }
     }

 

 

However, when I put that iRule into my WildCard VS, I am unable to get any traffic outbound from 192.0.0.60. Without the iRule, 192.0.0.60 obviously still goes out x.x.x.5. Any idea what might be wrong with the iRule?

Thanks!

1 Reply

  • That rule looks like it should work. Are you sure the requests are hitting the virtual server that the rule is configured on? You can add logging to get a better idea of what's happening. Also, it would be more efficient to use IP::addr to check the client IP address:

     
     when CLIENT_ACCEPTED { 
        if { [IP::addr [IP::client_addr] equals 192.0.0.60] } { 
           log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]: Snat to x.x.x.4" 
           snat x.x.x.4 
        } else { 
           log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]: Snat to x.x.x.5" 
           snat x.x.x.5 
        } 
     } 
     

    Aaron