Forum Discussion

enlowb_27270's avatar
enlowb_27270
Icon for Nimbostratus rankNimbostratus
Mar 17, 2009

Need help with irule conversion 4x to 9x

I have a version 4.x irule and was wondering if someone could help convert it to version 9x. Thanks in advance...

 

 

Version 4.x irule below:

 

 

if (server_addr == one of snat_to_me and client_addr == one of snat_from_me) {

 

use snatpool trans_addr

 

use pool single_sign_on_pool

 

}

 

else {

 

use pool single_sign_on_pool

 

}

7 Replies

  • You could set the default pool on the LTM GUI to single_sign_on_pool and then add the following untested iRule

     
     when CLIENT_ACCEPTED { 
     if { ( [IP::addr [IP::server_addr] equals 192.168.1.100] ) and ( [IP::addr [IP::client_addr] equals 192.168.2.100] } { 
     snatpool trans_addr 
     } 
     } 
     

    Hope this helps

    CB
  • snat_to_me = 172.27.17.50 but snat_from_me = 172.27.18.101, 172.27.18.102, 172.27.18.111 and 172.27.18.112. I am not sure but I think I need to use classes in order to do this... Thanks though...
  • If you have multiple addresses then you can use matchclasses

    It would look something like this

     
     when CLIENT_ACCEPTED {  
      if { ( [matchclass [IP::server_addr] equals $::Servers] ) and ( [matchclass [IP::client_addr] equals $::Clients] } {  
         snatpool trans_addr  
         }  
      }  
     

    This is where $::Servers and $::Clients would contain a list of IP addresses in their defined classes.

  • So when I try to add the irule I get:

     

     

    01070151:3: Rule [test] error:

     

    line 1: [parse error: PARSE syntax 90 {syntax error in expression " ( [matchclass [IP::server_addr] equals $::Servers] ) and ( ...": looking for close parenthesis}] [{ ( [matchclass [IP::server_addr] equals $::Servers] ) and ( [matchclass [IP::client_addr] equals $::Clients] }]

     

     

     

    I have tried it a few different ways and still get the parse error. Also, to clarify Servers refers to a data group list named Servers with IP addresses of servers and Clients refers to a data group list named Clients with IP addresses of clients. Thanks for the help...

     

  • It was missing a parethesis

     
      when CLIENT_ACCEPTED {   
       if { ([matchclass [IP::server_addr] equals $::Servers]) &&( [matchclass [IP::client_addr] equals $::Clients] )} {   
           
          }   
       } 
     
  • Thanks a bunch.. I think I got it now... I do have a question pertaining to the irule I posted. What does use snatpool trans_addr do? I do not have a snatpool called tran_addr on the 4.x box. Could this be the 4.x default or auto snat pool or is it just a config error? Thanks again for all the help...
  • I have version 4.x below:

     

     

    if (client_addr == 172.27.16.0 netmask 255.255.255.0) {

     

    use pool PS_Portal}

     

    else {

     

    redirect to "https://%h/%u"

     

    }

     

     

     

    Need help converting it to 9.x. I tried to do it see below but it doesn’t work... Any help would be appreciated... It just says if you are in the 172.27.16.0/24 network use pool PS_Portal anyone elce redirect to https same host same uri. Thanks in advance..

     

     

    Version 9x below that doesnt work:

     

    when CLIENT_ACCEPTED {

     

    if { [IP::addr [IP::client_addr] equals 172.27.16.0/24] } {

     

    pool PS_Portal }

     

    else { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }

     

    }