Hi Community, i want to ask you if is it possible to replace the destination IP of the UDP Payload i think that it might be like this : scan [IP::local_addr] "%d.%d.%d.%d" a b c d set ww [IP::local_addr] "1.1.$c.$d" set xx [binary format c4 $ww] UDP::payload replace 0 0 $xx

Hi MDPF5, Can you explain what kind of behavior are you looking to do with the replacing the IP address in a payload. This might help us further understand how we can help you. -=Bhattman=-

i want to implement a NAT-like feature that translates the destination IP address based on a data group containing networks can you give some example?

Yes of course, So, we have a data group called NATNET that includes networks: 10.12.0.0/24 10.12.1.0/24 10.12.2.0/24 10.12.44.0/24 10.12.60.0/24 Example Scenario: There is an incoming packet to our forwarding virtual server with Source IP : X.X.X.X and Destination IP : 10.20.30.12 When the packet have the destination ip that matches in the networks contained in the data group NATNET ( i can check it by using an IF condition with a scan fuction and compare it) But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule like this: scan [IP::local_addr] "%d.%d.%d.%d" a b c d now i want to translate the Destination IP in --> 192.12.$c.$d i Hope i was clear enough to understand Thanks in advance for all your support

UDP Payload replace destination IP with iRules

14 Replies

The_Bhattman
Nimbostratus
Jul 05, 2014
Hi MDPF5,

Can you explain what kind of behavior are you looking to do with the replacing the IP address in a payload. This might help us further understand how we can help you.

-=Bhattman=-
nitass_89166
Noctilucent
Jul 07, 2014
i want to implement a NAT-like feature that translates the destination IP address based on a data group containing networks

can you give some example?
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Yes of course, So, we have a data group called NATNET that includes networks: 10.12.0.0/24 10.12.1.0/24 10.12.2.0/24 10.12.44.0/24 10.12.60.0/24 Example Scenario: There is an incoming packet to our forwarding virtual server with Source IP : X.X.X.X and Destination IP : 10.20.30.12 When the packet have the destination ip that matches in the networks contained in the data group NATNET ( i can check it by using an IF condition with a scan fuction and compare it) But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule like this: scan [IP::local_addr] "%d.%d.%d.%d" a b c d now i want to translate the Destination IP in --> 192.12.$c.$d i Hope i was clear enough to understand Thanks in advance for all your support
nitass
Employee
Jul 07, 2014
i want to implement a NAT-like feature that translates the destination IP address based on a data group containing networks

can you give some example?
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Yes of course, So, we have a data group called NATNET that includes networks: 10.12.0.0/24 10.12.1.0/24 10.12.2.0/24 10.12.44.0/24 10.12.60.0/24 Example Scenario: There is an incoming packet to our forwarding virtual server with Source IP : X.X.X.X and Destination IP : 10.20.30.12 When the packet have the destination ip that matches in the networks contained in the data group NATNET ( i can check it by using an IF condition with a scan fuction and compare it) But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule like this: scan [IP::local_addr] "%d.%d.%d.%d" a b c d now i want to translate the Destination IP in --> 192.12.$c.$d i Hope i was clear enough to understand Thanks in advance for all your support
nitass
Employee
Jul 07, 2014
But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule

have you tried "node" command? you may have to enable translate address if it is not enabled under virtual server configuration.

node

https://devcentral.f5.com/wiki/iRules.node.ashx

translate

https://devcentral.f5.com/wiki/iRules.translate.ashx
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Thank you for your answer, i've tried the node command but it didn't give me any output ( not functioning) I've checked my Forwaring virtual server and it didn't have the address translate option but if i create a new virtual server i can see the option so, under the forwarding virtual server I'm not be able to use the translation commands? Thanks for support
- nitass
  Employee
  Jul 07, 2014
  can you change to performance layer 4 or standard virtual server? you do not need to assign pool. without pool, packet will be forwarded based on routing.
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Yes i can change it, but the command node and the command translate don't provide me the Destination IP Address translation that i want to implement So, there are other solutions to create a Destination IP translation? Thank You
nitass_89166
Noctilucent
Jul 07, 2014
But now inside the IF condition (So, the condition is true ) i want to Translate the destination ip like a snat irule

have you tried "node" command? you may have to enable translate address if it is not enabled under virtual server configuration.

node

https://devcentral.f5.com/wiki/iRules.node.ashx

translate

https://devcentral.f5.com/wiki/iRules.translate.ashx
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Thank you for your answer, i've tried the node command but it didn't give me any output ( not functioning) I've checked my Forwaring virtual server and it didn't have the address translate option but if i create a new virtual server i can see the option so, under the forwarding virtual server I'm not be able to use the translation commands? Thanks for support
- nitass_89166
  Noctilucent
  Jul 07, 2014
  can you change to performance layer 4 or standard virtual server? you do not need to assign pool. without pool, packet will be forwarded based on routing.
- MDPF5_152674
  Altostratus
  Jul 07, 2014
  Yes i can change it, but the command node and the command translate don't provide me the Destination IP Address translation that i want to implement So, there are other solutions to create a Destination IP translation? Thank You

nitass

Employee

Jul 07, 2014

but the command node and the command translate don't provide me the Destination IP Address translation that i want to implement

this is mine.

 config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual udpfwd
ltm virtual udpfwd {
    destination any:0
    ip-protocol udp
    mask any
    profiles {
        fastL4 { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vs-index 54
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
  translate address enable
  node 1.1.1.1
}
}

 trace

[root@ve11a:Active:In Sync] config  tcpdump -nni 0.0 -s0 udp port 1234
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:19:44.971945 IP 200.200.200.101.32846 > 100.100.100.1.1234: UDP, length 5 in slot1/tmm0 lis=
08:19:44.972019 IP 200.200.200.101.32846 > 1.1.1.1.1234: UDP, length 5 out slot1/tmm0 lis=/Common/udpfwd

Forum Discussion

UDP Payload replace destination IP with iRules

14 Replies

Recent Discussions

redirect not working

cat and grep command for rst messages

iRule resulting in too many redirects

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

iControl for Gtm wideip

Related Content

SSL::payload replace - silent failure?

Destination address at F5

Replacing packet payload contents

Large payload post requests aren't responding

string first replacement procedure for ID999881