[j-nsp] NAT

GIULIANO (UOL) giulianocm at uol.com.br
Wed Jun 18 15:27:41 EDT 2008


Manu,

You can try some script like:

services {
     nat {
         pool external {
             address-range low 200.204.x.a high 200.204.5.x.f;
             port automatic;
         }
         rule internet {
             match-direction output;
             term internet {
                 from {
                     source-address {
                         192.168.5.0/24;
                     }
                 }
                 then {
                     translated {
                         source-pool external;
                         translation-type {
                             source dynamic;
                         }
                     }
                 }
             }
             term all {
                 from {                # <------ Introduce the APP for MGT
                     source-address {
                         any-unicast;
                     }
                 }
                 then {
                     no-translation;
                 }
             }
         }
     }
     service-set internet {
         nat-rules internet;
         interface-service {
             service-interface sp-0/0/0;
         }
     }
}


http://www.wztech.com.br/config/junos-nat-internet


> It's possible...
> 
> Let's see your stateful-firewall rules...
> 
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> On Wed, Jun 18, 2008 at 2:17 PM, Manu Chao <linux.yahoo at gmail.com> wrote:
> 
>> Hello,
>>
>> I have configured Source NAT on a J router by using the public WAN IP for
>> the NAT pool range.
>> NAT works fine but I can no longer manage my router from the public
>> network...
>>
>> Questions:
>> How can I correct my NAT configuration in order to manage my router with
>> the same IP as the NAT POOL?
>> Is it possible, or do I need an additional public IP?
>>
>> Here is my configuration:
>>
>> interfaces {
>>    ge-0/0/0 {
>>        description WAN;
>>        unit 0 {
>>            family inet {
>>                service {
>>                    input {
>>                        service-set jweb-wan-sfw-service-set;
>>                    }
>>                    output {
>>                        service-set jweb-wan-sfw-service-set;
>>                    }
>>                }
>>                address 1.1.1.1/24;
>>
>> services {
>>
>>    service-set jweb-wan-sfw-service-set {
>>        stateful-firewall-rules jweb-sfw-to-wan;
>>        stateful-firewall-rules jweb-sfw-from-wan;
>>        nat-rules jweb-nat-to-wan;
>>        interface-service {
>>            service-interface sp-0/0/0;
>>        }
>>
>>    nat {
>>        pool jweb-nat-pool {
>>            address-range 1.1.1.1/32;
>>            port automatic;
>>        }
>>        rule jweb-nat-to-wan {
>>            match-direction output;
>>            term jweb-nat-term {
>>                then {
>>                    translated {
>>                        source-pool jweb-nat-pool;
>>                        translation-type {
>>                            source dynamic;
>>
>>
>> Any help will be appreciated!!!!
>>
>> Regards,
>> Manu
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>


