The functionality I would like to have is that all connections destined for the forwarding VS's destination IPs and ports take precedence over the generic SNAT on the VLAN, and all other traffic egressing through this path uses the generic SNAT or the catch-all SNAT?
I am not sure I understand the question correctly.
In any case, if the virtual server has no SNAT configured but a SNAT list exists, traffic matching the virtual server is still translated according to the SNAT list.
If you do not want the SNAT list to be applied, there are three options: disable SNAT in an iRule; disable Allow SNAT on the pool (if the virtual server has a pool); or assign a SNAT pool to the virtual server, in which case the virtual server's SNAT pool is used instead of the SNAT list (see the second example below).
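For example:
The virtual server has no SNAT, but a SNAT list exists. In the capture below, the client source 200.200.200.101 leaves translated to 172.28.24.101, the snat101 translation address, so the server 192.168.206.178 sees only the translated address: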
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual net192
ltm virtual net192 {
destination 192.168.206.0:0
ip-forward
mask 255.255.255.0
profiles {
fastL4 { }
}
source 0.0.0.0/0
translate-address disabled
translate-port disabled
vlans {
internal
}
vlans-enabled
vs-index 9
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm snat snat101
ltm snat snat101 {
origins {
0.0.0.0/0 { }
}
translation /Common/172.28.24.101
vlans {
internal
}
vlans-enabled
}
[root@ve11a:Active:In Sync] config tcpdump -nni 0.0 -s0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
05:39:00.293960 IP 200.200.200.101 > 192.168.206.178: ICMP echo request, id 63845, seq 1, length 64 in slot1/tmm1 lis=
05:39:00.294022 IP 172.28.24.101 > 192.168.206.178: ICMP echo request, id 63845, seq 1, length 64 out slot1/tmm1 lis=/Common/net192
05:39:00.296797 IP 192.168.206.178 > 172.28.24.101: ICMP echo reply, id 63845, seq 1, length 64 in slot1/tmm1 lis=/Common/net192
05:39:00.296806 IP 192.168.206.178 > 200.200.200.101: ICMP echo reply, id 63845, seq 1, length 64 out slot1/tmm1 lis=/Common/net192
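The virtual server has a SNAT pool, and a SNAT list also exists. In the capture below, the client source 200.200.200.101 leaves translated to 172.28.24.102, the snatpool102 member, not to the snat101 address 172.28.24.101: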
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual net192
ltm virtual net192 {
destination 192.168.206.0:0
ip-forward
mask 255.255.255.0
profiles {
fastL4 { }
}
source 0.0.0.0/0
source-address-translation {
pool snatpool102
type snat
}
translate-address disabled
translate-port disabled
vlans {
internal
}
vlans-enabled
vs-index 9
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm snatpool snatpool102
ltm snatpool snatpool102 {
members {
172.28.24.102
}
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm snat snat101
ltm snat snat101 {
origins {
0.0.0.0/0 { }
}
translation /Common/172.28.24.101
vlans {
internal
}
vlans-enabled
}
[root@ve11a:Active:In Sync] config tcpdump -nni 0.0 -s0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
05:41:54.785017 IP 200.200.200.101 > 192.168.206.178: ICMP echo request, id 65125, seq 1, length 64 in slot1/tmm1 lis=
05:41:54.785091 IP 172.28.24.102 > 192.168.206.178: ICMP echo request, id 65125, seq 1, length 64 out slot1/tmm1 lis=/Common/net192
05:41:54.787933 IP 192.168.206.178 > 172.28.24.102: ICMP echo reply, id 65125, seq 1, length 64 in slot1/tmm1 lis=/Common/net192
05:41:54.787943 IP 192.168.206.178 > 200.200.200.101: ICMP echo reply, id 65125, seq 1, length 64 out slot1/tmm1 lis=/Common/net192