Forum Discussion

Michael_107360's avatar
Michael_107360
Icon for Cirrus rankCirrus
Jun 23, 2017

2 SNAT or not 2 SNAT

I need help here trying to modify an Irule for a forwarding virtual server

4 conditions:

  1. Destination Ip is in one of the listed subnets then SNAT NONE

  2. Specific IP address of Server is Listed SNAT as specified

  3. If Destination Ip is a listed subnet then SNAT as specified

  4. If none of the first three conditions are met then TCP:close do not pass go do not collect $200.00 drop the packet.

when CLIENT_ACCEPTED {

if {

switch [IP::addr [getfield [IP::local_addr] "%" 1] {

 172.23.0.0/16 -
 10.0.0.0/8 -
 192.168.1.0/24 -
 192.168.2.0/24 -
 192.168.3.0/24 -
 192.168.4.0/24 { snat none }
 }
}

elseif {

switch [IP::addr [IP::client_addr] {

 192.168.5.6%1 { snat 192.168.100.5 }
 192.168.5.7%1 { snat 192.168.100.13 }
 192.168.5.8%1 -
 192.168.5.9%1 { snat 192.168.100.12 }
 192.168.5.10%1 -
 192.168.5.11%1 { snat 1192.168.100.11 }
 }
}

elseif {

 if {[IP::addr [getfield [IP::local_addr] "%" 1] equals 104.129.194.0/24] } { snat 192.168.100.195 }
 }

else { TCP:close } }

application delivery
iRules
LTM

2 Replies

Sort By
  • Michael_107360's avatar
    Michael_107360
    Icon for Cirrus rankCirrus
    Jun 23, 2017

    By the way....it's not that it's not working I cannot get it save without errors using switch I have it working with if else than....etc. trying to make it more efficient and faster, using switch. This is working with the exception of adding the 4th condition. when CLIENT_ACCEPTED {

     

    if {[IP::addr [getfield [IP::local_addr] "%" 1] equals 172.23.0.0/16]

     

    or [IP::addr [getfield [IP::local_addr] "%" 1] equals 10.0.0.0/8]

     

    or [IP::addr [getfield [IP::local_addr] "%" 1] equals 192.168.1.0/24]

     

    or [IP::addr [getfield [IP::local_addr] "%" 1] equals 192.168.2.0/24]

     

    or [IP::addr [getfield [IP::local_addr] "%" 1] equals 192.168.3.0/24]

     

    or [IP::addr [getfield [IP::local_addr] "%" 1] equals 192.168.4.0/24]}{snat none}

     

    elseif { [IP::addr [IP::client_addr] equals 192.168.5.6%1] } {snat 192.168.100.5}

     

    elseif { [IP::addr [IP::client_addr] equals 192.168.5.7%1] } {snat 192.168.100.13}

     

    elseif { [IP::addr [IP::client_addr] equals 192.168.5.8%1] or [IP::addr [IP::client_addr] equals 192.168.5.9%1] } {snat 192.168.100.12}

     

    elseif { [IP::addr [IP::client_addr] equals 192.168.5.10%1] or [IP::addr [IP::client_addr] equals 192.168.5.11%1] } {snat 192.168.100.11}

     

    elseif { [IP::addr [getfield [IP::local_addr] "%" 1] equals 104.129.194.0/24]} {snat 192.168.100.195}

     

    }

     

  • Michael_107360's avatar
    Michael_107360
    Icon for Cirrus rankCirrus
    Jun 23, 2017

    what happens here is there is no snat for the first conditions, snat for the specific and specific subnet....the problem was that it was allowing traffic to pass after those three with the default of snat none.