Michael_C_16907
Jan 30, 2010

simple iRule problem

I'm new to writing an iRule, and I need to write a simple iRule to direct my outbound traffic into 3 different pools. But after I write this iRule, it stops all my traffic. What is the problem with this?

I need my TCP services SMTP (port 25), POP3 (port 110), LLTP (port 1723) and L2TP (port 1701) traffic to go through my pool 1.

Users with 118.143.13.0/24 to my pool 2.

And 203.186.55.0/24 to my pool 3.

when CLIENT_ACCEPTED {
    if{([TCP::port[TCP::client_port] equals 25]) or ([TCP::port[TCP::client_port] equals 110]) or ([TCP::port[TCP::client_port] equals 1723]) or ([TCP::port[TCP::client_port] equals 1701])}{
        use pool 1
    }elseif{[IP::addr [IP::client_addr] equals 118.143.13.0/24]}{
        use pool 2
    }elseif{[IP::addr [IP::client_addr] equals 203.186.55.0/24]}{
        use pool 3
    }
}

Thanks

4 Replies

  • Hamish
    If it stops all traffic, it's probably a TCL error. What do your logs say?

    The iRule also doesn't match your logic as you explained it... Do you always want 118.143.13.0/24 and 203.186.55.0/24 to bypass pool 1? If so you need to do those checks first and not AFTER the checks for port.

    Also you're checking the client (source or as the docs say remote) port. You need to be checking the local port (TCP::local_port) if I understand your explanation correctly.

    In order for you to understand what's happening, I'd also sprinkle the relevant log messages through the code... e.g.

    Oh.. With those logic errors, if you don't have a default pool, you'll be getting all your other clients falling through. Because your clients will never be coming from port 25 or 110... (Windows will use 1701/1723 for src ports, but Unix won't).

    H

  • I actually need all those 4 ports services to go out via pool1, so I guess I need it to be on the of the rule
  • Thanks, I have made those changes about the TCP port codes.

    Somehow it gives me an error msg now.

    TCL error: Rule Rules CLIENT_ACCEPTED - invalid command name TCP::port8 while executing TCP::port[TCP::local_port] equals 25
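
Added example, not part of the thread and not any poster's code: one way the rule could look with the points raised above applied (the destination port read with TCP::local_port on its own, a space between `if` and its braces, and a log line on every branch). The pool names pool1, pool2 and pool3 are assumed, and the port check comes first because the original poster says those four services must always use pool 1.

```tcl
when CLIENT_ACCEPTED {
    # Port the client connected to on the BIG-IP (the service being reached),
    # not the client's ephemeral source port.
    set dport [TCP::local_port]
    set src   [IP::client_addr]

    # Tcl needs whitespace between "if" and "{"; "if{" is read as a
    # single (unknown) command name.
    if { $dport == 25 || $dport == 110 || $dport == 1723 || $dport == 1701 } {
        # Mail and tunnel services always leave via pool1 (assumed pool name).
        log local0. "client $src dport $dport -> pool1"
        pool pool1
    } elseif { [IP::addr $src equals 118.143.13.0/24] } {
        log local0. "client $src dport $dport -> pool2"
        pool pool2
    } elseif { [IP::addr $src equals 203.186.55.0/24] } {
        log local0. "client $src dport $dport -> pool3"
        pool pool3
    } else {
        # Nothing matched: the virtual server's default pool, if one is
        # configured, handles the connection. Logging it makes silent
        # fall-through visible while debugging.
        log local0. "client $src dport $dport matched no branch"
    }
}
```

The per-connection log lines are for debugging only and should be removed or rate-limited once the rule behaves as expected.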