[j-nsp] I've got some bone head problem on an srx...but I don't see it.

Morgan McLean wrx230 at gmail.com
Thu Jun 13 13:20:54 EDT 2013


Yes. The issue appears to be that I was not putting junos-self or junos-host as
the source security zone for the NAT rule. I have yet to try it; will test
today.

Thanks!
Morgan


On Thu, Jun 13, 2013 at 9:25 AM, Pavel Lunin <plunin at senetsy.ru> wrote:

>
>
> 12.06.2013 08:59, Morgan McLean wrote:
> > I rolled back and ran a ping to a host out on the net. Here's the trace...is
> > the fact that it's coming from junos-self screwing things up?
> The trace shows no src nat happened:
> > Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_routing: call
> > flow_route_lookup(): src_ip 192.168.29.11, x_dst_ip 192.81.130.21, in ifp
> > .local..0, out ifp N/A sp 8, dp 207, ip_proto 1, tos 0
> [...]
> > Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_src_xlate:
> >  nat_src_xlated: False, nat_src_xlate_failed: False
> >
> > Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_src_xlate: src nat
> > returns status: 0, rule/pool id: 0/0, pst_nat: False.
> >
> > Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:  dip id = 0/0,
> 192.168.29.11/8->
> > 192.168.29.11/8
> This means you were sending packets to the Internet from the source IP
> 192.168.29.11.
>



-- 
Thanks,
Morgan
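
As an added example, not part of the original thread: a small Python check over the flow trace quoted above that flags first-packet records where a private source address heads to a public destination with no source NAT applied, and marks whether the packet was self-originated (ingress `.local..0`). Function and field names are illustrative; the sample lines are the thread's own trace lines, re-joined where the mail client wrapped them.

```python
import ipaddress
import re

# Trace lines quoted in the thread, re-joined where the mail client wrapped them.
SAMPLE_TRACE = """\
Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_routing: call flow_route_lookup(): src_ip 192.168.29.11, x_dst_ip 192.81.130.21, in ifp .local..0, out ifp N/A sp 8, dp 207, ip_proto 1, tos 0
Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False
Jun 11 21:51:22 21:51:21.1472397:CID-1:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False.
"""

ROUTE_RE = re.compile(
    r"flow_first_routing:.*?src_ip ([\d.]+), x_dst_ip ([\d.]+), in ifp (\S+),")
XLATE_RE = re.compile(r"nat_src_xlated: (True|False)")
RULE_RE = re.compile(r"src nat returns status: \d+, rule/pool id: (\d+)/(\d+)")


def find_untranslated(trace):
    """Return first-packet records that left with a private source and no source NAT."""
    records, cur = [], None
    for line in trace.splitlines():
        m = ROUTE_RE.search(line)
        if m:  # flow_first_routing opens a new first-packet record
            cur = {"src": m.group(1), "dst": m.group(2), "in_ifp": m.group(3),
                   "xlated": None, "rule_pool": None}
            records.append(cur)
        elif cur is not None:
            if (m := XLATE_RE.search(line)):
                cur["xlated"] = m.group(1) == "True"
            elif (m := RULE_RE.search(line)):
                cur["rule_pool"] = (int(m.group(1)), int(m.group(2)))
    findings = []
    for r in records:
        src, dst = ipaddress.ip_address(r["src"]), ipaddress.ip_address(r["dst"])
        if r["xlated"] is False and src.is_private and not dst.is_private:
            # .local..0 as ingress means the SRX itself originated the packet
            r["self_originated"] = r["in_ifp"].startswith(".local.")
            findings.append(r)
    return findings


if __name__ == "__main__":
    for f in find_untranslated(SAMPLE_TRACE):
        print(f)
```

A finding with `rule_pool` of `(0, 0)` and `self_originated` set matches the situation in this thread: no source NAT rule matched traffic generated by the device itself.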

