snat irule not working as expected
Hi All,
I have an existing, working iRule that will snat based on the IP address (i.e. if it's off the corporate network 10.0.0.0/16 it will snat):
when CLIENT_ACCEPTED {
    if {[class match [IP::remote_addr] equals app_servers]} {
        if {not [IP::addr [IP::local_addr] equals 10.0.0.0/16]} {
            snat 10.0.255.1
        }
    }
}
However, I need to exclude another range, so I changed the rule to this:
when CLIENT_ACCEPTED {
    if {[class match [IP::remote_addr] equals app_servers]} {
        if {not [IP::addr [IP::local_addr] equals 10.0.0.0/16] or not [IP::addr [IP::local_addr] equals 10.128.0.0/24]} {
            snat 10.0.255.1
        }
    }
}
The syntax seems to be fine, but adding the second address stops it from matching the rule altogether (i.e. everything gets snat). Can anyone notice where I am going wrong?
Any help appreciated, thanks, Tim
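
Added example, not part of the original post: a Python model of the condition in the modified iRule next to the "in none of the excluded ranges" form, run over constructed sample addresses. The function names and sample addresses are assumptions made for illustration; only the two ranges come from the post.

```python
import ipaddress

# Ranges taken from the post; the sample addresses below are constructed.
CORP = ipaddress.ip_network("10.0.0.0/16")
EXTRA = ipaddress.ip_network("10.128.0.0/24")
SAMPLES = ["10.0.5.20", "10.128.0.7", "192.0.2.10"]


def snat_as_posted(addr):
    """Condition of the modified iRule: (not in CORP) or (not in EXTRA)."""
    ip = ipaddress.ip_address(addr)
    return (ip not in CORP) or (ip not in EXTRA)


def snat_excluding(addr, excluded=(CORP, EXTRA)):
    """SNAT only when the address is in none of the excluded ranges.

    De Morgan: not (A or B) == (not A) and (not B).
    """
    ip = ipaddress.ip_address(addr)
    return all(ip not in net for net in excluded)


def or_form_is_tautology(excluded):
    """True when the OR-of-negations form can never evaluate to false.

    That form is false only for an address inside every excluded range
    at once, which is impossible once any two ranges do not overlap.
    """
    nets = list(excluded)
    return any(not a.overlaps(b)
               for i, a in enumerate(nets) for b in nets[i + 1:])


def compare(samples=SAMPLES):
    """Return (address, as_posted, excluding) for each sample address."""
    return [(s, snat_as_posted(s), snat_excluding(s)) for s in samples]


if __name__ == "__main__":
    for addr, posted, fixed in compare():
        print(f"{addr:<12} as posted: {posted!s:<5} excluding both: {fixed}")
    print("OR form always true:", or_form_is_tautology([CORP, EXTRA]))
```

In iRule terms the second form corresponds to joining the two `not [IP::addr ...]` tests with `and` instead of `or`.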