gto481_34301
Oct 16, 2011 Nimbostratus
No acknowledgment from destination after SNAT using iRule
I have one client server with one IP address (192.168.1.1). I would like to SNAT the server IP address based on outgoing port 2222. Actually, the default SNAT is 10.230.10.1 for any other ports. However, I would like to SNAT to 10.10.1.1 only when I connect to app server 172.17.30.1 on port 2222.
I just created Virtual Server 172.17.30.1 port 2222 and have 172.17.30.1 port 2222 as the server pool. Then I associated an iRule that SNATs to 10.10.1.1 on a match of port 2222.
It seems SNAT is working, but the client server cannot communicate with the app server since there is no acknowledgment from the app server. Something like below:
10.10.1.1 38569 --> 172.17.30.1 2222
10.10.1.1 58967 --> 172.17.30.1 2222
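The following is my iRule to match port 2222 and SNAT to 10.10.1.1:
when CLIENT_ACCEPTED {
    # Connections arriving on port 2222 get the dedicated SNAT address
    if { [TCP::local_port] == 2222 } {
        snat 10.10.1.1
    } else {
        # Tcl requires "else" on the same line as the closing brace of the if body
        forward
    }
}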
However, if I change the default SNAT to 10.10.1.1, then it can get an acknowledgment from the app server.
Do you guys know how to solve my problem? Any suggestion would be appreciated.