Forum Discussion

sunnyman67_1367's avatar
sunnyman67_1367
Icon for Nimbostratus rankNimbostratus
Nov 11, 2013

Using different SNAT Pool List through iRule

Hi guys, i have one question: i have one VS, i want to do SNAT through different SNAT Pool List upon the client source IP address. For example, if the source ip address of client is 1.1.1.1/24 or 1.1.1.2/24, VS should changes the source ip address of outgoing packet to 1.1.1.100, and if the source ip address of client is 1.1.1.11/24 or 1.1.1.12/24, VS should changes the source ip address of outgoing packet to 1.1.1.200. I've checked it with below script, but it didn't work! Am i wrong? Can anyone help me? Is there any need to use of HTTP_REQUEST or some other methods???

when HTTP_REQUEST {

switch -glob [IP::client_addr] {

  "1.1.1.1" - 
  "1.1.1.2" {
     SNAT with 1.1.1.100
     snatpool VM_SNAT_POOL_1_1_1_100
  }

  "1.1.1.11" - 
  "1.1.1.12" {
    SNAT with 1.1.1.200
    snatpool VM_SNAT_POOL_1_1_1_200
  }

} }

APM
application delivery
availability
cloud
devops
iRules
performance
security

3 Replies

Sort By
  • Matt_Dierick's avatar
    Matt_Dierick
    Icon for Employee rankEmployee
    Nov 11, 2013

    Enable logs and check each event. Check client IP adress result and check if you enter in the right switch event.

     

    Let us know. Try in client_accepted event.

     

  • Matt_Dierick's avatar
    Matt_Dierick
    Icon for Employee rankEmployee
    Nov 12, 2013

    You have a log local0. error message with this ??? :

    when HTTP_REQUEST 
{ 
log local0. "HTTP Request from [IP::client_addr]"
switch -glob [IP::client_addr] {
"1.1.1.1" - 
"1.1.1.2" {
SNAT with 1.1.1.100
log local0. "SNAT with 1.1.1.100"
snatpool VM_SNAT_POOL_1_1_1_100    
}
"1.1.1.11" - 
"1.1.1.12" {
SNAT with 1.1.1.200
log local0. "SNAT with 1.1.1.200"
snatpool VM_SNAT_POOL_1_1_1_200
}
}
}