[j-nsp] Help with NAT
Jonathan Looney
jonlooney at gmail.com
Tue Mar 27 12:57:34 EST 2007
Bill,
Try the following (you'll have to replace w.x.y.z/32 with the IP to which
you want to NAT your traffic):
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                service {
                    input {
                        service-set PAT-outbound;
                    }
                    output {
                        service-set PAT-outbound;
                    }
                }
            }
        }
    }
    sp-0/0/0 {
        unit 0 {
            family inet;
        }
    }
}
services {
    nat {
        pool pat-pool {
            address 1.2.3.4/32;
            port automatic;
        }
        rule interface-pat {
            match-direction output;
            term ALGs {
                from {
                    source-address {
                        10.0.10.0/24;
                    }
                    application-sets junos-algs-outbound;
                }
                then {
                    translated {
                        source-pool pat-pool;
                        translation-type source dynamic;
                    }
                }
            }
            term others {
                from {
                    source-address {
                        10.0.10.0/24;
                    }
                }
                then {
                    translated {
                        source-pool pat-pool;
                        translation-type source dynamic;
                    }
                }
            }
        }
    }
    service-set PAT-outbound {
        nat-rules interface-pat;
        interface-service {
            service-interface sp-0/0/0;
        }
    }
}
-Jon
On 3/27/07, Bill Sandiford <bill at telnetcommunications.com> wrote:
>
> Hello All:
>
> I need a bit of help with a NAT setup on a J-4350. I have tried to get it
> working with the various samples/examples that I have found either online or
> in the docs, but I can't seem to get it going like I could on the old Cisco
> box that this Juniper has recently replaced.
>
> Here is my configuration
>
> ge-0/0/0 - Internet Connection
> ge-0/0/1 - An Internal network with RFC 1918 IPs (10.0.10.0/24)
> ge-0/0/2 - An Internal network with public IPs
> ge-0/0/3 - Another Internal network with public IPs
>
> I need to NAT/PAT all traffic that flows between ge-0/0/0 and ge-0/0/1. All
> other paths are not to be NAT'd. For example any of the internal networks
> with public IPs should NOT be NAT'd to either the internet connection
> (ge-0/0/0) or the internal network on RFC IPs.
>
> I used to be able to accomplish this on Cisco by tagging the internet
> interface "ip nat outside" and the internal network with RFC addresses "ip
> nat inside". Then a simple route-map / access-list to enable the NAT. I
> need to replicate a configuration like this for my J-4350......help !!!
>
> Regards,
> Bill
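Added example (not part of the original thread, and not Juniper tooling): a small Python check that parses the interface-pat rule from the reply and reports which source addresses its terms select for translation, so the "public networks must not be NAT'd" requirement can be verified before commit. The helper names parse, nat_sources and rule_translates are hypothetical, and the check covers rule matching only, not the service-set attachment on ge-0/0/0.

```python
import ipaddress
import re
# Constructed input: the NAT rule from the reply, with blocks condensed.
NAT_RULE = """
rule interface-pat {
    match-direction output;
    term ALGs {
        from { source-address { 10.0.10.0/24; } application-sets junos-algs-outbound; }
        then { translated { source-pool pat-pool; } }
    }
    term others {
        from { source-address { 10.0.10.0/24; } }
        then { translated { source-pool pat-pool; } }
    }
}
"""

def parse(text):
    """Parse Junos brace syntax into nested dicts; leaf statements map to None."""
    root = node = {}
    stack, words = [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == "}":
            node = stack.pop()
        elif tok == ";":
            node[" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return root

def nat_sources(cfg, rule):
    """Map each translating term to its source prefixes (no prefix = match all)."""
    out = {}
    for key, body in cfg["rule " + rule].items():
        if key.startswith("term ") and "translated" in body.get("then", {}):
            srcs = body.get("from", {}).get("source-address") or {"0.0.0.0/0": None}
            out[key[5:]] = [ipaddress.ip_network(p) for p in srcs]
    return out

def rule_translates(cfg, rule, src_ip):
    """True if any term of the rule selects src_ip for source translation."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in n for nets in nat_sources(cfg, rule).values() for n in nets)
```

A term that has no source-address is treated as matching every source, which is the case this check is meant to catch: such a term would also translate the hosts on the public-IP networks.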