Forum Discussion
hooleylist
Nov 23, 2009Cirrostratus
Something like this maybe...
when CLIENT_ACCEPTED {
Create some snat name to IP variables
set snat0_ip 1.1.1.1
set snat1_ip 2.2.2.2
set snat2_ip 3.3.3.3
set snat3_ip 4.4.4.4
set snat4_ip 5.5.5.5
Test with a dummy client IP address
set client_ip "10.11.12.13"
log local0. "\$client_ip: $client_ip"
Scan the dummy IP address for each octet
scan $client_ip {%[0-9].%[0-9].%[0-9].%[0-9]} a b c d
log local0. "result: \[expr {$c % 5}\]: [expr {$c % 5}]"
Use modulus 5 on the third octet
log local0. "Snat command: snat [set "snat[expr {$c % 5}]_ip"]"
Apply the SNAT IP to this connection
snat [set "snat[expr {$c % 5}]_ip"]
}
Once you're done testing, you can replace the $client_ip variable with [IP::client_addr]. You could also experiment with using a datagroup to store the SNAT addresses or maybe an array.
Aaron