[j-nsp] Destination NAT

Mohammad Khalil eng.mssk at gmail.com
Thu Nov 28 03:00:14 EST 2013


Hi All,
I have an SRX210H.
I have a server with the IP address x.x.x.x and want to allow telnet access
to it on a different port (I chose 3333), and assigned it the public IP
address y.y.y.y.
But it does not seem to be working.
set security zones security-zone trust address-book address SERVER y.y.y.y/32

set applications application TELNET_DNAT protocol tcp
set applications application TELNET_DNAT destination-port 3333

set security nat destination pool DNAT_POOL address y.y.y.y/32
set security nat destination pool DNAT_POOL address port 23

set security nat destination rule-set DNAT_RULE from zone untrust

set security nat destination rule-set DNAT_RULE rule rule1 match destination-address x.x.x.x/32
set security nat destination rule-set DNAT_RULE rule rule1 match destination-port 3333
set security nat destination rule-set DNAT_RULE rule rule1 then destination-nat pool DNAT_POOL

set security policies from-zone untrust to-zone trust policy DNAT_POLICY match source-address any
set security policies from-zone untrust to-zone trust policy DNAT_POLICY match destination-address SERVER
set security policies from-zone untrust to-zone trust policy DNAT_POLICY match application TELNET_DNAT
set security policies from-zone untrust to-zone trust policy DNAT_POLICY then permit

