ltm rule command snat
iRule(1) BIG-IP TMSH Manual iRule(1)
snat
Assigns the specified SNAT translation address to the current
connection.
SYNOPSIS
snat (automap | none | IP_TUPLE | (IP_ADDR (PORT)?))
DESCRIPTION
Causes the system to assign the specified source address to the
serverside connection(s). The assignment is valid for the duration of
the clientside connection or until 'snat none' is called. The iRule
SNAT command overrides the SNAT configuration of the virtual server or
a SNAT pool. It does not override the 'Allow SNAT' setting of a pool.
Syntax
snat [] | none | automap
* Causes the system to assign the specified translation address to
the serverside connection.
RETURN VALUE
VALID DURING
CLIENT_ACCEPTED, HTTP_REQUEST, SERVER_CONNECTED
EXAMPLES
# Apply a specific SNAT address for clients in the 10.10.10.0/24 subnet
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] }{
snat 192.168.20.10
}
}
# Apply SNAT autmap if the selected pool member IP address is 1.1.1.1
when LB_SELECTED {
If { [IP::addr [LB::server addr] equals 1.1.1.1] } {
snat automap
}
}
# Apply SNAT automap for clients in the 10.10.10.0/24 subnet
when CLIENT_ACCEPTED {
if { [IP::addr [IP::local_addr] equals 10.10.10.0/24] }{
snat automap
}
}
# Assign a pool and configure SNAT based on the HTTP URI
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::path]] {
"/app1*" -
"/app2*" {
# Select the corresponding pool and use SNAT automap
pool app1_pool
snat automap
}
"/app3*" {
# Select the corresponding pool and do not use SNAT
pool app3_pool
snat none
}
default {
# Select the corresponding pool and a specific SNAT address
# to source serverside connections from
pool app4_pool
snat 10.0.0.10
}
}
}
# Apply a specific SNAT address and port client destination address is 10.10.10.1
# and the client destination port is 1025
when CLIENT_ACCEPTED {
if { [IP::addr [IP::local_addr] equals 10.10.10.1] and [TCP::local_port] == 1025] }{
snat 1.1.1.1 80
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)