NimbostratusConditional SNAT using an iRule on a Wildcard Forwarding VS
Hello everyone,
I am new to iRules and have seen a lot of answers to the issue i am currently facing, but even after referring them and trying out all the possible combinations i just can't seem to get it to work.
I have two Viprions (v11.5.1 Hotfix 5) in Active/Standby and a host (with a private address) setup behind those in our lab. The customer would like to connect to a public server to fetch updates. I used a wildcard forwarding VS with a SNAT pool to set this up and it works just fine. Now, he would also like to see a log entry (containing his host's IP, the SNATed IP, and the IP of the public server he is connecting to) whenever an outbound connection is initiated. Additionally, if the public server is on-campus, there should be 'no SNAT log' and 'forwarding', but if the server is off-campus, there has to be 'SNAT log entry' and 'forwarding'.
I looked up conditional SNAT and sure enough there was a solution, but most of them were for CLIENT_ACCEPTED events, which is not the case here. It is more of a SERVER_CONNECTED event. I started by creating two data-groups - 'on-campus networks (public networks and the 172.16/12 prefix routed on campus)' and 'load balanced networks (3 private subnets)' and use these in my iRule. Mind you the 3 private load balanced subnets are taken out of the private /12 routed on campus.
My iRule:-
when SERVER_CONNECTED {
if {[matchclass [clientside {IP::client_addr}] equals loadBalancer_networks] and [matchclass [serverside {IP::remote_addr}] equals onCampus_networks]} {
snat none
return
}
else {
log local0. "Client [clientside {IP::client_addr}]:[clientside {TCP::client_port}] SNATed to [IP::local_addr]:[TCP::local_port] connecting to [serverside {IP::remote_addr}]:[serverside {TCP::remote_port}]"
snatpool snat_pool
}
}
I have tried all the possible IP combinations inside the if statement, but none of them have worked out so far. Can anyone here help me out with the same. Please. Thank you.
