Karthik_Kumaran
May 30, 2014

SNAT outbound only for specific servers to specific destination

Hi, I am looking for a way to SNAT traffic going out from a specific set of servers behind an F5 LTM (the LTM is the gateway for the servers) to a particular destination on the internet. I can create a VS with the destination, with a SNAT and selecting the VLAN the servers are on, but that applies the SNAT to all the servers in the VLAN. But I want only the particular servers to be SNATed and not all in the VLAN. Is there any way this could be achieved?

 

5 Replies

  • Thanks. I am running 11.2. What if I have only 3 servers in the VLAN that need to be SNATed? Is it possible to refer to only the 3 servers in an object/datagroup and call it in the iRule?

     

  • JG

    Can't you set up a one-to-one SNAT mapping for each of the 3 servers?

     

  • Hi Karthik, here is an example of where you can apply an iRule on a forwarding virtual server.

    The below assumes you have created a network address datagroup and SNAT pool.

    when CLIENT_ACCEPTED {
        # This iRule will SNAT all requests except for clients destined to a
        # network that doesn't need to be SNAT'd.
        # On a forwarding virtual server, IP::local_addr is the destination address.
        if { ![class match [IP::local_addr] equals dg-exclude-net] } {
            snatpool snat_client_outbound
        }
    }
    

    I hope this helps

    -=Bhattman=-
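
A variant of the iRule above that matches on both source and destination, so that only the listed servers are SNATed and only toward the chosen destination. This is an added example, not part of Bhattman's post: the data group names dg-snat-servers and dg-snat-dest are hypothetical, and snat_client_outbound is the pool name reused from the post.

```tcl
# Attach to the forwarding virtual server enabled on the servers' VLAN.
# Assumed (hypothetical) address-type data groups:
#   dg-snat-servers : host entries for the 3 servers that must be SNATed
#   dg-snat-dest    : the destination host or network that requires SNAT
when CLIENT_ACCEPTED {
    # IP::client_addr is the server that opened the outbound connection;
    # IP::local_addr is the destination address it is connecting to.
    if { [class match [IP::client_addr] equals dg-snat-servers] &&
         [class match [IP::local_addr] equals dg-snat-dest] } {
        snatpool snat_client_outbound
    } else {
        # All other traffic is forwarded with its original source address.
        snat none
    }
}
```

Keeping the server list in a data group means servers can be added or removed without editing the iRule.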