[j-nsp] NAT
GIULIANO (UOL)
giulianocm at uol.com.br
Wed Jun 18 15:27:41 EDT 2008
Manu,
You can try some script like:
services {
nat {
pool external {
address-range low 200.204.x.a high 200.204.5.x.f;
port automatic;
}
rule internet {
match-direction output;
term internet {
from {
source-address {
192.168.5.0/24;
}
}
then {
translated {
source-pool external;
translation-type {
source dynamic;
}
}
}
}
term all {
from { <------ Introduce the APP for MGT
source-address {
any-unicast;
}
}
then {
no-translation;
}
}
}
}
service-set internet {
nat-rules internet;
interface-service {
service-interface sp-0/0/0;
}
}
}
http://www.wztech.com.br/config/junos-nat-internet
> It's possible...
>
> Let's see your stateful-firewall rules...
>
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> On Wed, Jun 18, 2008 at 2:17 PM, Manu Chao <linux.yahoo at gmail.com> wrote:
>
>> Hello,
>>
>> I have configured Source NAT on a J router by using the public WAN IP for
>> the NAT pool range.
>> NAT work fine but i can no longer manage my router from the public
>> network...
>>
>> Questions:
>> How can i correct my NAT configuration in order to manage my router with
>> the
>> same IP than the NAT POOL?
>> Is it possible or need i an additionnal public IP?
>>
>> Here is my configuration:
>>
>> interfaces {
>> ge-/0/0/0 {
>> description WAN;
>> unit 0 {
>> family inet {
>> service {
>> input {
>> service-set jweb-wan-sfw-service-set;
>> }
>> output {
>> service-set jweb-wan-sfw-service-set;
>> }
>> }
>> address 1.1.1.1/24;
>>
>> services {
>>
>> service-set jweb-wan-sfw-service-set {
>> stateful-firewall-rules jweb-sfw-to-wan;
>> stateful-firewall-rules jweb-sfw-from-wan;
>> nat-rules jweb-nat-to-wan;
>> interface-service {
>> service-interface sp-0/0/0;
>> }
>>
>> nat {
>> pool jweb-nat-pool {
>> address-range 1.1.1.1/32;
>> port automatic;
>> }
>> rule jweb-nat-to-wan {
>> match-direction output;
>> term jweb-nat-term {
>> then {
>> translated {
>> source-pool jweb-nat-pool;
>> translation-type {
>> source dynamic;
>>
>>
>> Any help will be appreciated!!!!
>>
>> Regards,
>> Manu
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature database 3198 (20080618) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
More information about the juniper-nsp
mailing list