snat

Description¶

Causes the system to assign the specified source address to the serverside connection(s). The assignment is valid for the duration of the clientside connection or until ‘snat none’ is called. The iRule SNAT command overrides the SNAT configuration of the virtual server or a SNAT pool. It does not override the ‘Allow SNAT’ setting of a pool.

This command will not cause BigIP to answer any ARP requests for the address when the address exists on the egress VLAN. If responding to ARP requests in this situation is desired, SNAT pools may be created and the snatpool may be used instead.

Syntax¶

snat <addr> [<port>] | none | automap

snat <addr> [<port>] | none | automap¶

Causes the system to assign the specified translation address to the serverside connection.

Examples¶

# Apply a specific SNAT address for clients in the 10.10.10.0/24 subnet
when CLIENT_ACCEPTED {
   if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] }{
      snat 192.168.20.10
   }
}

# Apply SNAT autmap if the selected pool member IP address is 1.1.1.1
when LB_SELECTED {
   If { [IP::addr [LB::server addr] equals 1.1.1.1] } {
     snat automap
  }
}

# Apply SNAT automap for clients in the 10.10.10.0/24 subnet
when CLIENT_ACCEPTED {
   if { [IP::addr [IP::local_addr] equals 10.10.10.0/24] }{
      snat automap
   }
}

# Assign a pool and configure SNAT based on the HTTP URI
when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::path]] {
        "/app1*" -
        "/app2*" {
            # Select the corresponding pool and use SNAT automap
            pool app1_pool
            snat automap
        }
        "/app3*" {
            # Select the corresponding pool and do not use SNAT
            pool app3_pool
            snat none
        }
        default {
            # Select the corresponding pool and a specific SNAT address
            #  to source serverside connections from
            pool app4_pool
            snat 10.0.0.10
        }
    }
}

# Apply a specific SNAT address and port client destination address is 10.10.10.1
#  and the client destination port is 1025
when CLIENT_ACCEPTED {
   if { [IP::addr [IP::local_addr] equals 10.10.10.1] and [TCP::local_port] == 1025] }{
      snat 1.1.1.1 80
   }
}

Related Information¶

Valid Events:

CLIENT_ACCEPTED, HTTP_REQUEST, SERVER_CONNECTED

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code:

ProxyPass v10/v11 - iRule (for LTM v10/v11) to replace the functionality of Apache Webserver ProxyPass and ProxyPassReverse functions allowing for a different server and client view of your web application(s).
Reverse Proxy With Basic SSO - The iRule implements a authenticated HTTPS reverse proxy.
Selective SNAT - iRule that SNATS based on host address and port while just forwarding everything else.
SNAT pool persistence - This example shows how to select the same SNAT address for a given client IP address without tracking the selection in memory

Introduced: BIGIP-9.0.0

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.

snat¶

Description¶

Syntax¶

snat <addr> [<port>] | none | automap¶

Examples¶

Related Information¶