[j-nsp] Configuring NAT on J2300

Harry Reynolds harry at juniper.net
Wed May 10 10:57:23 EDT 2006


I am not 100% sure, but believe you can use the IP assigned to the
interfaces as a NAT pool. In fact, the j-series training material
NAT/SFW lab does just this. AFAIK it still works, but I have not messed
with it for over a year now.

What does the show services nat pool command display when you encounter
the problem?

> -----Original Message-----
> From: Chris Adams [mailto:cmadams at hiwaay.net] 
> Sent: Wednesday, May 10, 2006 7:44 AM
> To: Harry Reynolds
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Configuring NAT on J2300
> 
> Once upon a time, Harry Reynolds <harry at juniper.net> said:
> > The wording you point out does seem to describe 1:1 NAT, as opposed to
> > n:1 PAT.  The key is inclusion of port automatic, as per the example I
> > sent, which evokes PAT to allow a single external IP to be shared by
> > many internal IPs.
> 
> One more (hopefully last) question: is it possible to NAPT to 
> an address on an interface?  For example, if I have a 
> numbered interface T1 with a /30, can I NAPT to the router's 
> IP in that /30?
> 
> For testing, I'm trying to NAT from one ethernet to another.  
> The public ethernet has a /24 with x.x.x.203 assigned.  If I 
> use x.x.x.205 as the only IP in the pool, it works.  If I use 
> x.x.x.203, the router accepts the config but it does not 
> appear to work (no traffic flows).
> 
> Here's what I'm doing with 7.6:
> 
> interfaces {
>     fe-0/0/0 {
>         description "public LAN";
>         unit 0 {
>             family inet {
>                 address x.x.x.203/24;
>             }
>         }
>     }
>     sp-0/0/0 {
>         unit 0 {    
>             family inet;
>         }
>     }
>     fe-0/0/1 {
>         description "private LAN";
>         unit 0 {
>             family inet {
>                 service {
>                     input {
>                         service-set do-nat;
>                     }
>                     output {
>                         service-set do-nat;
>                     }
>                 }
>                 address 192.168.55.254/24;
>             }
>         }
>     }
> }
> services {
>     nat {
>         pool one-ip {
>             address-range low x.x.x.203 high x.x.x.203;
>             port automatic;
>         }
>         rule nat-to-wan {
>             match-direction input;
>             term nat {
>                 then {
>                     translated {
>                         source-pool one-ip;
>                         translation-type source dynamic;
>                     }
>                 }
>             }
>         }
>     }
>     service-set do-nat {
>         nat-rules nat-to-wan;
>         interface-service {
>             service-interface sp-0/0/0;
>         }
>     }
> }
> 
> --
> Chris Adams <cmadams at hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services 
> I don't speak for anybody but myself - that's enough trouble.
> 


