vinitshah_24968
Feb 24, 2016

Destination based i-rule not working

Hi,

I have a VIP which listens on a specific port. I already have an iRule created for snat none, but that is on a client_addr basis.

I want to create an iRule which will do no SNAT based on the destination IP address. That means if a request comes to the VIP for a particular destination, then it will not do SNAT for that request and will forward it to the respective pool member.

BIG-IP OS version is 10.2.

Below is the syntax that I have created, but it's not working. Kindly guide me if I have missed something.

    when CLIENT_ACCEPTED {
        if { [class match [IP::local_addr] equals no-nat-destination-based] } {
            snat none
            log local0. "Client/Source Address -> IP address [IP::client_addr]"
            log local0. "Local/Destination Address -> IP address [IP::local_addr]"
        }
    }

2 Replies

  • Try this, if the client is on the same subnet it will not snat, if client is NOT on the same subnet, it will snat. Change [pool/automap/none] as needed:

    when LB_SELECTED {
      if {[IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"]} {
       snat [pool/automap/none]
      } else {
       snat none
      }
    }
    
  • Hi Vinitshah,

    you have to keep in mind that [IP::local_addr] is the IP address of the virtual server. To have a SNAT exemption based on the pool member's IP address, you have to use the [LB::server addr] command. But this command is only valid after a pool member was selected (e.g. LB_SELECTED and later events).

    when LB_SELECTED { 
        if { [class match [LB::server addr] equals no-nat-destination-based] } then { 
            snat none 
            log local0. "Client/Source Address -> IP address [IP::client_addr]" 
            log local0. "Server/Destination Address -> IP address [LB::server addr]" 
        }
    }
    

    Cheers, Kai
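
One way to confirm the behaviour described in Kai's reply, as an added example that is not part of the original thread: the iRule below logs the addresses visible in each event and checks in SERVER_CONNECTED whether the source address sent to the pool member was translated. It assumes the data group no-nat-destination-based from the question exists; the variable names and log wording are constructed for illustration.

```tcl
when CLIENT_ACCEPTED {
    # Client-side context: IP::local_addr is the virtual server address,
    # so a data group of pool member addresses never matches here.
    set snat_exempt 0
    log local0. "CLIENT_ACCEPTED client=[IP::client_addr] vip=[IP::local_addr]"
}

when LB_SELECTED {
    # The pool member is known from this event onwards.
    set member [LB::server addr]
    if { [class match $member equals no-nat-destination-based] } {
        snat none
        set snat_exempt 1
    } else {
        set snat_exempt 0
    }
    log local0. "LB_SELECTED member=$member snat_exempt=$snat_exempt"
}

when SERVER_CONNECTED {
    # Server-side context: IP::local_addr is the source address BIG-IP uses
    # toward the pool member. With "snat none" it should equal the client address.
    set src [IP::local_addr]
    if { $snat_exempt && ($src ne [IP::client_addr]) } {
        log local0. "WARNING exempt member [IP::remote_addr] still sees translated source $src"
    } else {
        log local0. "SERVER_CONNECTED src=$src dst=[IP::remote_addr] snat_exempt=$snat_exempt"
    }
}
```

The logging is meant for troubleshooting only, since it writes several lines per connection.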