[j-nsp] Configuring NAT on J2300
Chris Adams
cmadams at hiwaay.net
Wed May 10 10:43:57 EDT 2006
Once upon a time, Harry Reynolds <harry at juniper.net> said:
> The wording you point out does seem to describe 1:1 NAT, as opposed to
> n:1 PAT. The key is inclusion of port automatic, as per the example I
> sent, which evokes PAT to allow a single external IP to be shared by
> many internal IPs.
One more (hopefully last) question: is it possible to NAPT to an address
on an interface? For example, if I have a numbered interface T1 with a
/30, can I NAPT to the router's IP in that /30?
For testing, I'm trying to NAT from one ethernet to another. The public
ethernet has a /24 with x.x.x.203 assigned. If I use x.x.x.205 as the
only IP in the pool, it works. If I use x.x.x.203, the router accepts
the config but it does not appear to work (no traffic flows).
Here's what I'm doing with 7.6:
interfaces {
fe-0/0/0 {
description "public LAN";
unit 0 {
family inet {
address x.x.x.203/24;
}
}
}
sp-0/0/0 {
unit 0 {
family inet;
}
}
fe-0/0/1 {
description "private LAN";
unit 0 {
family inet {
service {
input {
service-set do-nat;
}
output {
service-set do-nat;
}
}
address 192.168.55.254/24;
}
}
}
}
services {
nat {
pool one-ip {
address-range low x.x.x.203 high x.x.x.203;
port automatic;
}
rule nat-to-wan {
match-direction input;
term nat {
then {
translated {
source-pool one-ip;
translation-type source dynamic;
}
}
}
}
}
service-set do-nat {
nat-rules nat-to-wan;
interface-service {
service-interface sp-0/0/0;
}
}
}
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the juniper-nsp
mailing list