irule to replace source IP with an arbitrary IP

the SNAT command is what you are looking for, i think: Click here

Ok. I am trying a simple code as shown below. When the snat command is commented out, the virtual server that is loaded with the irule forwards the packet. When I uncomment out the snat statement, the virtual server does not forward the packet that matches the source IP w.x.y.z though the log statements show in /var/log/ltm file.

 

I am using bigIP version LTM 9.4.4 HF3.

 

What am I doing wrong?

 

 

when CLIENT_ACCEPTED {

 

if {[IP::addr [IP::client_addr] equals w.x.y.z]} {

 

log local0. "before snat"

 

snat m.n.o.p

 

log local0. "after snat"

 

}

 

if {[UDP::payload] contains "_avcv_"} {

 

log local0. "in UDP payload"

 

node a.b.c.d 5060

 

}

 

}

Can the translation IP be any arbitrary IP or it has to be defined somewhere in bigIP configuration? Must the origin IP (the client's IP) be RFC1918 (ie does the code check for it to be RFC1918)?

There aren't any restrictions on what IP is used for a SNAT. But if you want to use symmetric load balancing, the destination server would need to route the response back to the LTM.

 

 

Aaron