Forum Discussion
Oct 16, 2015
Hi!
Try using [IP::local_addr] instead of [IP::client_addr] when matching IPs against the data group list. Client_addr would be the source IP of the TCP session you establish in your example.
Also, please try to use the preformatted code option as it makes it so much easier to read your config.
Cleaned it up for you a bit in case someone else wants to check it out too:
    ltm data-group internal /Common/DG2 {
        records {
            50.50.50.0/24 { data net2 }
            60.60.60.0/24 { data net1 }
        }
        type ip
    }
    ltm rule /Common/rr_snat_irule {
        when CLIENT_ACCEPTED {
            log local0. "CLient Connected: local_addr IP address = [IP::local_addr]"
            if {[class match [IP::client_addr] equals DG2 ]} {
                log local0. "use snat ip 1.1.1.1"
            } else {
                log local0. "No snat required"
            }
        }
    }
    ltm virtual /Common/snat_out_vs_80 {
        destination /Common/0.0.0.0:80
        ip-protocol tcp
        mask any
        profiles {
            /Common/tcp { }
        }
        rules {
            /Common/rr_snat_irule
        }
        source 0.0.0.0/0
        translate-address disabled
        translate-port disabled
        vlans {
            /Common/TRAFFIC
        }
        vlans-enabled
    }
If all you want to do is to route packets from VLANs behind the load balancer, I suggest checking out forwarding virtual servers instead of the normal ones.
/Patrik