davec_20224
Jul 29, 2009Nimbostratus
SNAT if client IP is a pool member?
I've seen the end of:
http://devcentral.f5.com/wiki/default.aspx/iRules/SelectiveSNAT.html
but that assumes each backend subnet is a /24, which is not currently true of my setup.
I haven't figured out a way to programmatically obtain the netmask associated with LB::server_addr with iRules, but I think it might be possible to obtain a list of all of the IPs in the pool and compare against that. Unfortunately I don't quite have the iRule foo yet, so I was hoping someone could help me fill in the blanks:
when LB_SELECTED {
if {[IP::addr "[IP::client_addr]" ***in list of node IPs for pool***]} {
snat automap
}
}
I realize I could also just make two separate virtual servers -- one on the external VLAN without SNAT & one on the internal VLAN with SNAT -- but somehow this seems more elegant.
Thanks,
Dave C.