[j-nsp] JUNOS port forwarding

Dan Rautio drautio at juniper.net
Thu Apr 19 12:28:54 EDT 2007 

Leigh,

Here is something similar on a m-series with a as pic:

interfaces {
    sp-0/2/0 {
        services-options {
            syslog {
                host local {
                    services info;
                }
            }
        }
        unit 0 {
            family inet;
        }
    }
    ge-1/0/0 {
        description "Untrusted interface";
        unit 0 {
            family inet {
                address 10.40.2.1/24;
            }
        }
    }
    ge-1/1/0 {
        description "Trusted interface";
        unit 0 {
            family inet {
                address 10.40.1.1/24;
            }
        }
    }
}
services {
    stateful-firewall {
        rule sfw-basic-apps {
            match-direction input;
            term term_ftp {
                from {
                    applications ftp;
                }
                then {
                    accept;
                }
            }
            term term_shell {
                from {
                    applications shell;
                }
                then {
                    accept;
                }
            }
            term term_rexec {
                from {
                    applications rexec;
                }
                then {
                    accept;
                }
            }
            term term_any {
                then {
                    accept;
                }
            }
        }
    }
    nat {
        pool nat-pool-1 {
            address 10.40.2.1/32;
        }
        pool nat-pool-2 {
            address 11.200.2.1/32;
        }
        rule nat-basic-apps {
            match-direction input;
            term term_ftp {
                from {
                    source-address {
                        10.40.1.0/24;
                    }
                    applications ftp;
                }
                then {
                    translated {
                        source-pool nat-pool-2;
                        translation-type source static;
                    }
                }
            }
            term term_any {
                from {
                    source-address {
                        10.40.1.0/24;
                    }
                }
                then {
                    translated {
                        source-pool nat-pool-2;
                        translation-type source static;
                    }
                }
            }
        }
    }
    adaptive-services-pics {
        traceoptions {
            flag all;
        }
    }
    service-set sfw-only {
        stateful-firewall-rules sfw-basic-apps;
        interface-service {
            service-interface sp-0/2/0;
        }
    }
    service-set sfw-nat {
        stateful-firewall-rules sfw-basic-apps;
        nat-rules nat-basic-apps;
        interface-service {
            service-interface sp-0/2/0;
        }
    }
}


- Dan

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Leigh Porter
> Sent: Thursday, April 19, 2007 4:53 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] JUNOS port forwarding
> 
> 
> Hey all,
> 
> I would like to configure NAT incoming port forwarding on a J series
> router. The outbound NAT works correctly but I can not find any
> documentation about incoming port forwarding. Can anybody give me some
> hints please?
> 
> Thanks,
> Leigh Porter
> UK Broadband
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list