Port translation for outbound with port range

Question

I have created a wildcard VS for routing and I am trying to create an Irule which will SNAT the connection for outbound traffic with source port change to random port that unused in a specific port range, example:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.1.1.100/32] }{
  snat 192.168.1.100 (5000 -&gt; 5999) || I need source 10.1.1.100:X change to 192.168.1.100:5XXX

}
}
I don't know Is there any way to done this and hope your helps!
Thanks so much,
Jose

leonardo_souza · Answer

Based in the snat command documentation, it just accepts one port:
https://devcentral.f5.com/wiki/irules.snat.ashx&nbsp;
You need to keep track of the port used, saving the information to the persistence table.
For a new connection you assign the port, and save the port in the persistence table.
When the connection is finished (CLIENT_CLOSED event), you need to delete the table entry.
You also need to write the logic to check for next available port in the range, maybe having a global variable with an index that you increment (and return to the beginning when reach the higest number), and check that does not exit yet in the persistence table.&nbsp;
Have a look in this link about the persistence table:
https://devcentral.f5.com/articles/irules-101-12-the-session-command&nbsp;

Forum Discussion

Port translation for outbound with port range

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Assistance with iRule using port ranges

Radware config translation

Policy to forward to a range of ports

GTM Translation

IPv6 Virtual Server to IPv4 pools translation