snat¶
Description¶
Causes the system to assign the specified source address to the
serverside connection(s). The assignment is valid for the duration of
the clientside connection or until ‘snat none’ is called. The iRule
SNAT command overrides the SNAT configuration of the virtual server or
a SNAT pool. It does not override the ‘Allow SNAT’ setting of a pool.
This command will not cause BigIP to answer any ARP requests for the
address when the address exists on the egress VLAN. If responding to
ARP requests in this situation is desired, SNAT pools may be created
and the snatpool may be used instead.
Syntax¶
snat <addr> [<port>] | none | automap
snat <addr> [<port>] | none | automap¶
- Causes the system to assign the specified translation address to the serverside connection.
Examples¶
# Apply a specific SNAT address for clients in the 10.10.10.0/24 subnet
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] }{
snat 192.168.20.10
}
}
# Apply SNAT autmap if the selected pool member IP address is 1.1.1.1
when LB_SELECTED {
If { [IP::addr [LB::server addr] equals 1.1.1.1] } {
snat automap
}
}
# Apply SNAT automap for clients in the 10.10.10.0/24 subnet
when CLIENT_ACCEPTED {
if { [IP::addr [IP::local_addr] equals 10.10.10.0/24] }{
snat automap
}
}
# Assign a pool and configure SNAT based on the HTTP URI
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::path]] {
"/app1*" -
"/app2*" {
# Select the corresponding pool and use SNAT automap
pool app1_pool
snat automap
}
"/app3*" {
# Select the corresponding pool and do not use SNAT
pool app3_pool
snat none
}
default {
# Select the corresponding pool and a specific SNAT address
# to source serverside connections from
pool app4_pool
snat 10.0.0.10
}
}
}
# Apply a specific SNAT address and port client destination address is 10.10.10.1
# and the client destination port is 1025
when CLIENT_ACCEPTED {
if { [IP::addr [IP::local_addr] equals 10.10.10.1] and [TCP::local_port] == 1025] }{
snat 1.1.1.1 80
}
}