Forum Discussion

Patrick_Chang_7
Historic F5 Account
Feb 14, 2008

selective SNAT on Forwarding VS

I want to selectively SNAT on a forwarding VS based upon the IP address of the destination. My iRule would look like the following:


when CLIENT_ACCEPTED {
   if [matchclass $$::internal_networks not equal IP destination] {
      snatpool pool_snat
   }
}

The questions I have are the following:

What is the syntax for not equal?

What structure should I use to get the IP of the destination in this case? Is it IP::local_addr?

3 Replies

  • Hi,

    You can use not or ! to negate the comparison. I'm pretty sure you need to wrap the test in parens. And yes, IP::local_addr in the clientside context will be the destination IP.

    
    when CLIENT_ACCEPTED {
       # SNAT only when the destination (clientside local address) is not in the class
       if {not ([matchclass $::internal_networks equals [IP::local_addr]])} {
          snatpool pool_snat
       }
    }

    Aaron
  • I need a little bit of explanation of what the above iRule is doing. What I have understood is the following:

    1. There is an address object "internal_networks" created under the iRule with the internal subnet defined.

    2. The iRule compares this subnet to the request coming to this VS, and if it does not match then it sends the connection from the outbound_snat SNAT address pool. But if it matches, what will happen then?
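
The decision the iRule in this thread makes, modelled offline as an added example (not code from any poster and not F5's implementation), so a data group can be checked against sample destinations before deployment. The network list is a constructed stand-in for `internal_networks`, and treating `matchclass` on an address class as network containment is an assumption of the model.

```python
import ipaddress

# Constructed stand-in for the internal_networks address data group (assumption).
INTERNAL_NETWORKS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
SNAT_POOL = "pool_snat"  # pool name used in the thread


def load_class(entries):
    """Parse data-group entries; a bare host address becomes a /32 (or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def in_class(addr, networks):
    """Assumed matchclass behaviour: true if any class entry contains addr."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in networks)


def snat_decision(dest_addr, networks):
    """Return the SNAT pool the rule selects, or None when it takes no action.

    None means the rule runs no snatpool command for this connection, so only
    the forwarding virtual server's own SNAT setting (if any) applies.
    """
    if not in_class(dest_addr, networks):
        return SNAT_POOL
    return None


def audit(destinations, entries=INTERNAL_NETWORKS):
    """Map each destination to the rule's decision, for a pre-deployment review."""
    networks = load_class(entries)
    return {d: snat_decision(d, networks) for d in destinations}


if __name__ == "__main__":
    # Constructed sample destinations, including one just outside 172.16.0.0/12.
    samples = ["10.1.2.3", "192.168.50.7", "203.0.113.10", "172.32.0.1"]
    for dest, pool in audit(samples).items():
        print(f"{dest:15} -> {pool or 'no SNAT selected by the rule'}")
```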