Forum Discussion

Sven_89244
Jan 13, 2009

Assistance needed for SNATing plus other irules

I've got a task to do some SNAT and some other traffic modification.

Connections with destination port 6200, 6201 or 6202 should have a timeout of 6 hours.

Connections from certain IPs (x.y.234.167 and .170) with destination port 1100 (openft) should be SNATed to a.b.20.d.

Now I've created the following rules:

x1

    when CLIENT_ACCEPTED {
        # Match on the destination (local) port, as the requirement states,
        # not on TCP::client_port, which is the client's ephemeral source port.
        switch [TCP::local_port] {
            6200 -
            6201 -
            6202 {
                # 6 hours
                IP::idle_timeout 21600
            }
            default {
                # 1 hour
                IP::idle_timeout 3600
            }
        }
    }

x2

    when CLIENT_ACCEPTED {
        # check if client_addr is in the class
        if { [matchclass [IP::client_addr] equals $::InternalHosts] } {
            # check if the class contains the server port requested
            if { [matchclass [TCP::local_port] equals $::openft_port] } {
                # snat using this source address
                snat a.b.20.d
            } else {
                # don't do any source address translation
                forward
            }
        }
    }

where

    class InternalHosts {
        host x.y.234.167
        host x.y.234.170
    }

    class openft_port {
        1100
    }

and applied them to a VS in this order:

    virtual Routing_Back {
        lasthop pool GW
        pool GW
        destination any:any
        mask none
        vlans internal enable
        rules x1 x2
        profiles int_fastL4
    }

The effect was that new connections couldn't be established.

What mistake have I made?

Any help would be greatly appreciated.
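As an added example, not the poster's code and not anything from F5: a small offline Python model of the decision logic in x1 and x2, so the match predicates can be checked against constructed sample connections before the rules go on a VS. It keeps a variant of x1 keyed on the client's source port beside the destination-port one, so the effect of that difference is visible; the data-group names, sample connections and helper names are all assumptions made here.

```python
# Added example (not from the original post): an offline model of the two
# iRules' decision logic. The address placeholders are the poster's own
# redactions; all sample connections below are constructed.

INTERNAL_HOSTS = {"x.y.234.167", "x.y.234.170"}   # class InternalHosts
OPENFT_PORTS = {1100}                              # class openft_port
LONG_TIMEOUT_PORTS = {6200, 6201, 6202}            # switch arms in x1
SNAT_ADDR = "a.b.20.d"                             # snat target in x2


def x1_idle_timeout(local_port):
    """x1: 6 hours on the listed destination ports, 1 hour otherwise."""
    return 21600 if local_port in LONG_TIMEOUT_PORTS else 3600


def x1_idle_timeout_as_posted(client_port):
    """x1 keyed on TCP::client_port, i.e. the client's source port."""
    return 21600 if client_port in LONG_TIMEOUT_PORTS else 3600


def x2_snat(client_addr, local_port):
    """x2: SNAT only when the source host and destination port both match."""
    if client_addr in INTERNAL_HOSTS and local_port in OPENFT_PORTS:
        return SNAT_ADDR
    return None   # 'forward': no source address translation


def evaluate(conn):
    """Run both rules over one connection and return the resulting actions."""
    return {
        "idle_timeout": x1_idle_timeout(conn["local_port"]),
        "idle_timeout_as_posted": x1_idle_timeout_as_posted(conn["client_port"]),
        "snat": x2_snat(conn["client_addr"], conn["local_port"]),
    }


# Constructed sample connections: internal host to openft, internal host to
# a long-timeout port, and an unlisted host whose *source* port happens to
# be 6200 (only the as-posted variant treats that one as long-timeout).
SAMPLE_CONNECTIONS = [
    {"client_addr": "x.y.234.167", "client_port": 50123, "local_port": 1100},
    {"client_addr": "x.y.234.170", "client_port": 50124, "local_port": 6201},
    {"client_addr": "x.y.99.5",    "client_port": 6200,  "local_port": 1100},
]

if __name__ == "__main__":
    for conn in SAMPLE_CONNECTIONS:
        print(conn, "->", evaluate(conn))
```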