[j-nsp] "nat outside"
Harshit Kumar
harshit at juniper.net
Thu Apr 12 23:33:27 EDT 2007
You can use these two commands to see the sessions.
show services stateful-firewall ?
Possible completions:
conversations Show conversations
flows Show flow table entries
-----Original Message-----
From: O S [mailto:oops98 at yahoo.com]
Sent: Thursday, April 12, 2007 6:35 PM
To: Harshit Kumar; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] "nat outside"
Hi Harshit,
Thanks a lot for the hint. So I added this
+ service {
+ input {
+ service-set NATout;
+ }
+ output {
+ service-set NATout;
+ }
+ }
[edit interfaces]
+ sp-1/2/0 {
+ unit 0 {
+ family inet;
+ }
+ }
[edit services]
+ service-set NATout {
+ nat-rules goOUT;
+ interface-service {
+ service-interface sp-1/2/0;
+ }
+ }
The router seems doing some things after that, but I can I example
the nat table? like show ip nat ... in cisco world.
Many thanks,
OS
----- Original Message ----
From: Harshit Kumar <harshit at juniper.net>
To: O S <oops98 at yahoo.com>; juniper-nsp at puck.nether.net
Sent: Thursday, April 12, 2007 3:08:26 AM
Subject: RE: [j-nsp] "nat outside"
You need to define a service-set (which can be applied
on the physical interface) and use this rule in that
service-set. See the following links:
http://www.juniper.net/techpubs/software/junos/junos82/swconfig82-servic
es/html/service-set-config4.html#1032529
http://www.juniper.net/techpubs/software/junos/junos82/swconfig82-servic
es/html/service-set-config.html
http://www.juniper.net/techpubs/software/junos/junos82/swconfig82-servic
es/html/service-set-config2.html#1014436
thx
Harshit
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of O S
Sent: Wednesday, April 11, 2007 9:17 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] "nat outside"
Hi,
I'm looking for a nat configuration example in juniper M7i. I follow
the book setup the
service:
nat {
pool OUTIP {
address 10.1.2.3/32;
port automatic;
}
rule goOUT {
match-direction output;
term 1 {
from {
destination-address {
10.10.10.10/32;
}
}
then {
translated {
source-pool OUTIP;
translation-type source dynamic;
}
}
}
}
}
How do I apply the nat service to a interface (I failed to find the
example from the book)?
The router is
Model: m7i
JUNOS Base OS boot [8.0R2.8]
JUNOS Base OS Software Suite [8.0R2.8]
JUNOS Kernel Software Suite [8.0R2.8]
JUNOS Packet Forwarding Engine Support (M7i/M10i) [8.0R2.8]
JUNOS Routing Software Suite [8.0R2.8]
JUNOS Online Documentation [8.0R2.8]
Basically, I would like all packets from interface fe-0/0/0.0 go to
server
10.10.10.10 be nat-ed.
=> [all other interfaces M7i fe-0/0/0.0] --> 10.10.10.10 where
fe-0/0/0.0 has IP 10.1.2.1/24
Thanks a lot,
OS
________________________________________________________________________
____________
Don't pick lemons.
See all the new 2007 cars at Yahoo! Autos.
http://autos.yahoo.com/new_cars.html
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the juniper-nsp
mailing list