Forum Discussion

Miguel_Alfaro_6
Jun 15, 2008

iRule to change dest IP and save the old one into the packet

Hi, I'm new to iRules and need to know if the following is possible.

I need to change a packet's destination IP address to 172.16.49.70 and save the old IP "x.x.x.x" somewhere in the packet.

Something like this:

when CLIENT_ACCEPTED {
    set firstIP [IP::remote_addr]
    set secondIP "172.16.49.70"
    [IP::remote_addr] replace [IP::remote_addr] $secondIP
    here I need to save "firstIP" into the packet
}

And on a second LTM, another iRule that replaces the remote address with the one in the packet.

when CLIENT_ACCEPTED {
    here I need to look into the packet and find "firstIP"
    [IP::remote_addr] replace [IP::remote_addr] $firstIP
}

Is that possible?

How close am I?

6 Replies

  • If you want to perform destination address translation, you can enable address translation on the VIP. LTM will then translate the destination address to the selected pool member's IP address. If you want to do this dynamically in an iRule, you can use the node command. LTM will undo the translation for responses back to the client using its connection table to track the original IP address.

    Aaron
  • Hi!!

    First of all, IP::remote_addr is a command, not a variable, so you can't change it this way. Secondly, it would return your client IP address (source), not the destination. You need to use the "pool" command in order to change the destination of the packet, with or without destination NAT.

    when CLIENT_ACCEPTED {
        # Save the original destination address
        set firstIP [IP::local_addr]
        pool pool_172.16.49.70
    }

    I don't think you can insert the old IP in the packet. If we're talking about HTTP, you could insert an HTTP header containing it, like an "X-forwarded-for" header.

    when HTTP_REQUEST {
        # Insert the original destination address as a request header
        HTTP::header insert First_IP [IP::local_addr]
        pool pool_172.16.49.70
    }

    However, maybe it is a lot easier than you think. It seems that you need to reroute traffic through the second LTM, right? So you need to forward traffic to 172.16.49.70 and let this one make the routing decisions based on destination IP address.

    Maybe you can make it by selecting this IP as the pool and disabling the destination NAT.
  • Sorry, the diagram doesn't look the way I want. I will attach a file with the correct diagram.
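  • miguel_alfaro,

    To change the destination IP, you need to enable address translation in the virtual configuration, assign a pool or use the node command in an iRule. (I believe it is what hoolio and mgabaldon pointed out earlier.)

    Let's say you use the node command.

    On the sender side:

    when CLIENT_ACCEPTED {
        # Start buffering client data so CLIENT_DATA fires
        TCP::collect
    }

    when CLIENT_DATA {
        # Split the original destination address into four octets
        set ww [scan [IP::local_addr] "%d.%d.%d.%d"]
        # Pack the octets into 4 raw bytes
        set xx [binary format c4 $ww]
        # Insert the 4 bytes at the start of the payload
        TCP::payload replace 0 0 $xx
        node 172.16.49.70
        TCP::release
    }

    On the receiver LTM:

    when CLIENT_ACCEPTED {
        TCP::collect
    }

    when CLIENT_DATA {
        # Read the 4 address bytes the sender put at the start of the payload
        binary scan [TCP::payload] a4 xx
        set first_ip [IP::addr $xx mask 255.255.255.255]
        # Remove the 4-byte prefix so it is not forwarded to the server
        TCP::payload replace 0 4 ""
        node $first_ip
        TCP::release
    }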
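
The 4-byte address prefix used in the reply above, as an added example in plain Tcl (runnable in tclsh; it is not iRule code and not part of the original thread). It packs the address in front of the payload, then recovers it and strips the prefix, masking each byte because `binary scan` with `c` returns signed values. The proc names, the sample address and the sample payload are constructed for illustration.

```tcl
# Added example: plain Tcl, no iRule commands. Proc names are hypothetical.

# Prepend a dotted-quad IPv4 address to a payload as 4 raw bytes.
proc prepend_addr {ip payload} {
    # The trailing %c only converts if something follows the fourth octet
    if {[scan $ip "%d.%d.%d.%d%c" a b c d extra] != 4} {
        error "not a dotted-quad IPv4 address: $ip"
    }
    foreach o [list $a $b $c $d] {
        if {$o < 0 || $o > 255} { error "octet out of range in $ip" }
    }
    return [binary format c4a* [list $a $b $c $d] $payload]
}

# Split a payload into {address rest}. Returns an empty list when fewer
# than 4 bytes are available, so the caller can wait for more data.
proc extract_addr {payload} {
    if {[string length $payload] < 4} { return {} }
    binary scan $payload c4 octets
    set parts {}
    foreach o $octets {
        # binary scan c yields signed bytes: 192 comes back as -64
        lappend parts [expr {$o & 0xff}]
    }
    return [list [join $parts "."] [string range $payload 4 end]]
}

# Constructed sample: original destination 192.0.2.200 and a short request
set request "GET / HTTP/1.0\r\n\r\n"
set wire [prepend_addr 192.0.2.200 $request]

# foreach/break instead of lassign keeps this compatible with Tcl 8.4
foreach {ip rest} [extract_addr $wire] break
puts "recovered address: $ip"
puts "payload intact:    [string equal $rest $request]"
puts "short input:       [llength [extract_addr "ab"]] elements"
```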
  • natty77,

    OK, I got it, but there I'm losing the original IP address, and I will need it in the second LTM.

    What I need is:

    LTM1
    1- Change destination IP address
    2- Hide the original in the data

    LTM2
    1- Find the original IP address
    2- Replace the destination IP with the original (the hidden one)

    If I don't have the original IP in the second LTM, I cannot send the traffic to the internet by link 2.