Forum Discussion
Liu_Li_18953
May 08, 2008 Nimbostratus
Thank you for your help. I don't wanna use too many "if" or "elseif" in rules; can I use the "class"?
rule outbound-snat {
    when CLIENT_ACCEPTED {
        if { [ matchclass [IP::local_addr] equals $::ISP1_ip ] } {
            pool ISP1_GW_pool
        }
        elseif { [ matchclass [IP::local_addr] equals $::ISP2_IP ] } {
            pool ISP2_GW_pool
        }
        else {
            pool default_gateway_pool
        }
    }
    when LB_SELECTED {
        if { [[LB::server addr] equals ISP1_GW] } {
            if { [[IP::client_addr] equals 172.16.1.0/24] } {
                snat 200.1.0.10
            }
            elseif { [[IP::client_addr] equals 172.16.2.0/24] } {
                snat 200.1.0.11
            }
            elseif { [[IP::client_addr] equals 172.16.3.0/16] } {
                snat 200.1.0.12
            }
            .........
            ........
        }
        else {
            snat automap
        }
    }
But I have so many networks that need to SNAT, and for some reason I can't change it (i.e., 172.16.1.0/24 must use 200.1.0.11; 172.16.2.0/24 must use 200.1.0.12). If I use the following rules, does it work?
class snat {
    "172.16.1.0/24 200.1.0.10"
    "172.16.2.0/24 200.1.0.11"
    "172.16.3.0/24 200.1.0.12"
    .....
    .....
}
rule outbound-snat {
    when CLIENT_ACCEPTED {
        if { [ matchclass [IP::local_addr] equals $::ISP1_ip ] } {
            pool ISP1_GW_pool
        }
        elseif { [ matchclass [IP::local_addr] equals $::ISP2_IP ] } {
            pool ISP2_GW_pool
        }
        else {
            pool default_gateway_pool
        }
    }
    when LB_SELECTED {
        if { [[LB::server addr] equals ISP1_GW] } {
            set my_snat [ findclass [IP::client_addr] $::snat " " ]}
        if { $my_snat ne "" } {
            snat $my_snat
        }
        else { snat automap}
    }
}
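
The table-driven lookup the post asks about, modeled in Python as an added example (not the poster's code and not iRule syntax): each class entry is parsed as a subnet plus SNAT address, the client address is matched by CIDR containment, and unmatched clients fall back to automap. The function names are hypothetical, the sample entries are taken from the class shown in the post, and the code makes no claim about how findclass itself compares its arguments.

```python
import ipaddress

# Entries copied from the class in the post: "<client subnet> <SNAT address>".
SNAT_CLASS = [
    "172.16.1.0/24 200.1.0.10",
    "172.16.2.0/24 200.1.0.11",
    "172.16.3.0/24 200.1.0.12",
]


def parse_snat_class(entries):
    """Parse 'subnet snat_ip' strings into (network, snat_ip) pairs.

    strict=True rejects an entry whose host bits are set, such as the
    172.16.3.0/16 written in the first rule, instead of silently
    widening it to 172.16.0.0/16.
    """
    table = []
    for entry in entries:
        subnet, snat_ip = entry.split()
        network = ipaddress.ip_network(subnet, strict=True)
        table.append((network, str(ipaddress.ip_address(snat_ip))))
    # Most specific prefix first, so overlapping subnets resolve predictably.
    table.sort(key=lambda pair: pair[0].prefixlen, reverse=True)
    return table


def select_snat(client_addr, table, default="automap"):
    """Return the SNAT address for client_addr, or the default if no subnet matches."""
    addr = ipaddress.ip_address(client_addr)
    for network, snat_ip in table:
        if addr in network:
            return snat_ip
    return default


if __name__ == "__main__":
    table = parse_snat_class(SNAT_CLASS)
    # Constructed client addresses: two inside listed subnets, one outside.
    for client in ("172.16.1.25", "172.16.3.200", "10.9.9.9"):
        print(client, "->", select_snat(client, table))
```

Validating every entry at load time means a mistyped prefix length is caught before it changes which source address a client leaves with.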