Forum Discussion
Andy_McGrath
Oct 20, 2015
No, the 'Source' value is only the IP subnet, not the port. The following iRule will monitor the client port (in this case the FTP server port) and uses 'switch' instead of lots of 'elseif' statements.
when CLIENT_ACCEPTED {
    # Only act on connections whose client-side source port is 21 or 22
    if { [TCP::client_port] == 21 || [TCP::client_port] == 22 } {
        # Pick the SNAT address based on the exact client (source) IP
        switch [IP::addr [IP::client_addr] mask 255.255.255.255] {
            "10.0.0.10" { snat 172.18.1.1 }
            "10.0.0.11" { snat 172.18.1.1 }
            "10.0.0.12" { snat 172.18.1.2 }
            "10.0.0.13" { snat 172.18.1.2 }
            "10.0.0.14" { snat 172.18.1.3 }
            "10.0.0.15" { snat 172.18.1.3 }
        }
    }
}
Having said that, is this for return traffic from the FTP server to the client?