[j-nsp] Configuring NAT on J2300

Chris Adams cmadams at hiwaay.net
Wed May 10 09:46:45 EDT 2006

Once upon a time, Harshit Kumar <harshit at juniper.net> said:
> Docs might help too
> http://www.juniper.net/techpubs/software/junos/junos76/swconfig76-servic
> es/frameset.htm 

Thanks to both responses.  I had read through the docs for a while and
tried some configuration, but my mistake was I went straight to the NAT
section.  I haven't done any firewalling on a Juniper either, so I
skipped those sections, and didn't realize how NAT related to it (so I
couldn't figure out how to apply my NAT config to an actual interface).

Oh, now I get "warning: requires 'firewall' license".

Also, the docs for translation-type statement say:

  * source dynamic -- Implement address translation for source
    traffic with Network Address Port Translation (NAPT). You must
    specify a source-pool name. The referenced pool must include a port
    or address configuration.

  This option supports translating a large range of addresses to a
  smaller size pool. The requests from the source address range are
  assigned to the addresses in the pool until the pool is used up, and
  any additional requests are rejected. A NAT address assigned to a host
  is used for all concurrent sessions from that host. The address is
  released to the pool only after all the sessions for that host expire.
  This feature enables the router to share a few public IP addresses
  between several private hosts. Since all the private hosts might not
  simultaneously create sessions, they can share a few public IP

That sounded to me like a pool IP was matched with a private IP for as
long as a private IP had associated sessions, so if I only specified one
public IP, I could only have one private IP accessing the outside world
at a time.

Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

More information about the juniper-nsp mailing list