
Kmussa_164917
Dec 20, 2015

GTM Private to Public Translation

I have a GTM in DMZ using private IP addresses for wide IP. I need to translate the 1st three octets of the wide IPs to public addresses. I believe I have to use an iRule to accomplish this. I tried using the following with no success:

    when LB_SELECTED {
        if { [LB::server addr] contains ".10." } {
            log local0. "Pool member [LB::server addr]"
        }
    }

This iRule is assigned to a wide IP. I’m able to log the private address. I just can’t find a command to use to change the 1st 3 octets.

 

8 Replies

  • Hi Kmussa,

    you may parse the remaining octet (incl. possible route domains) and then substitute the new leading octets with this command.

    set new_ip "123.123.123.[getfield [LB::server addr] "." 4]"

    Cheers, Kai

  • Hi Kai,

     

    Below is the iRule:

        when LB_SELECTED {
            if { [LB::server addr] contains ".10." } {
                log local0. "Pool member [LB::server addr]"
                set new_ip "1.1.1.[getfield [LB::server addr] "." 4]"
            } elseif { [LB::server addr] contains ".20." } {
                log local0. "Pool member [LB::server addr]"
                set new_ip "2.2.2.[getfield [LB::server addr] "." 4]"
            }
        }

     

    • Kai_Wilke
      The command I've posted is just a way to parse the last octet of your existing IP and then transform this IP into a new one. It does not change anything on the wire yet. But you could use this command in combination with other commands (depending on what you're trying to solve). To help you further, I'd need some more details of the configuration you're trying to achieve. Cheers, Kai
  • GTM is currently resolving all DNS queries to private addresses. I need to change DNS response to public addresses. For example: xyz.com can be resolved to 10.10.10.125 or 20.20.20.125. I need to write an iRule to do the following:

    1. If xyz.com resolves to 10.10.10.125 then DNS response should be 1.1.1.125.
    2. If xyz.com resolves to 20.20.20.125 then DNS response should be 2.2.2.125.

     

    Thank you

     

  • Hi Kmussa,

    I've customized Hamish Marson's "GTM translation" iRule for your needs...

    Original iRule can be found here: https://devcentral.f5.com/wiki/iRules.GTM-Translation.ashx

    when DNS_RESPONSE {
        # Walk every resource record in the answer section
        foreach rr [DNS::answer] {
            # Only A records carry an IPv4 address to translate
            if { [DNS::type $rr] eq "A" } then {
                if { [IP::addr [DNS::rdata $rr] equals 10.10.10.0/24] } then {
                    log -noname local0.debug "DNS Rewrite: [DNS::rdata $rr] > 1.1.1.[getfield [DNS::rdata $rr] "." 4]"
                    # Keep the last octet, replace the first three
                    DNS::rdata $rr "1.1.1.[getfield [DNS::rdata $rr] "." 4]"
                } elseif { [IP::addr [DNS::rdata $rr] equals 20.20.20.0/24] } then {
                    log -noname local0.debug "DNS Rewrite: [DNS::rdata $rr] > 2.2.2.[getfield [DNS::rdata $rr] "." 4]"
                    DNS::rdata $rr "2.2.2.[getfield [DNS::rdata $rr] "." 4]"
                }
            }
        }
    }
    

    Note: I don't have a GTM at hand, hope it will work out... 🙂

    Cheers, Kai
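
Added example (not part of the thread and not F5 code): a Python stand-in for the rewrite the `DNS_RESPONSE` iRule above performs, applied to a raw DNS response so the mapping can be checked offline. The function names and the sample packet are constructed for illustration; the match is a /24 subnet test, so an address such as 192.168.10.5 is left untouched even though it contains ".10.".

```python
# Added illustration: function names are hypothetical, the sample packet is constructed.
import ipaddress
import struct

# Private /24 -> public first three octets, as in the thread's example.
NAT_MAP = {
    ipaddress.ip_network("10.10.10.0/24"): "1.1.1.",
    ipaddress.ip_network("20.20.20.0/24"): "2.2.2.",
}

def translate(addr):
    """Return the public address for a mapped private one, else addr unchanged."""
    ip = ipaddress.ip_address(addr)
    for net, prefix in NAT_MAP.items():
        if ip in net:  # subnet match, not a substring test like contains ".10."
            return prefix + addr.rsplit(".", 1)[1]
    return addr

def skip_name(msg, pos):
    """Return the offset just past a DNS name (labels or a compression pointer)."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:   # ordinary label: length + bytes
        pos += 1 + msg[pos]
    return pos + (1 if msg[pos] == 0 else 2)      # root label or 2-byte pointer

def rewrite_a_records(msg):
    """Rewrite the RDATA of every IN A record in the answer section."""
    out = bytearray(msg)
    qdcount, ancount = struct.unpack_from("!HH", out, 4)
    pos = 12                                      # fixed DNS header length
    for _ in range(qdcount):                      # question: name + type + class
        pos = skip_name(out, pos) + 4
    for _ in range(ancount):
        pos = skip_name(out, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", out, pos)
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            old = str(ipaddress.IPv4Address(bytes(out[pos:pos + 4])))
            out[pos:pos + 4] = ipaddress.IPv4Address(translate(old)).packed
        pos += rdlen
    return bytes(out)

def build_sample(addrs):
    """Constructed response for xyz.com with one A record per address."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    msg += b"\x03xyz\x03com\x00" + struct.pack("!HH", 1, 1)
    for a in addrs:  # name pointer to offset 12, TYPE A, CLASS IN, TTL 30, RDLENGTH 4
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + ipaddress.IPv4Address(a).packed
    return msg
```
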

  • Hi,

     

    To translate addresses on GTM, one solution is to disable virtual server automatic creation and to create them manually in GTM with:

     

    • IP address : IPs for DNS responses
    • Translated address: IP of LTM virtual server (used for monitoring)