[j-nsp] Destination NAT

Mohammad Khalil eng.mssk at gmail.com
Thu Nov 28 03:33:54 EST 2013


But I already configured set security zones security-zone trust address-book address SERVER y.y.y.y/32, which will contain the real IP address, right?
I followed the link below:
http://www.fir3net.com/Juniper-SRX-Series-Gateway/juniper-srx-destination-nat-port-forwarding.html


On Thu, Nov 28, 2013 at 11:08 AM, Asad Raza <asadgardezi at gmail.com> wrote:

> Hi,
>
> DNAT is done before the policy match/route lookup. You need to allow
> x.x.x.x in the policy instead of y.y.y.y.
>
> Regards,
>
> Asad
> On Nov 28, 2013, at 11:00 AM, Mohammad Khalil <eng.mssk at gmail.com> wrote:
>
> > Hi All,
> > I have an SRX210H.
> > I have a server with IP address x.x.x.x and want to allow telnet access
> > to it on a different port (I chose 3333), and assigned it the public IP
> > address y.y.y.y, but it seems not to be working.
> >
> > set security zones security-zone trust address-book address SERVER y.y.y.y/32
> >
> > set applications application TELNET_DNAT protocol tcp
> > set applications application TELNET_DNAT destination-port 3333
> >
> > set security nat destination pool DNAT_POOL address y.y.y.y/32
> > set security nat destination pool DNAT_POOL address port 23
> >
> > set security nat destination rule-set DNAT_RULE from zone untrust
> >
> > set security nat destination rule-set DNAT_RULE rule rule1 match destination-address x.x.x.x/32
> > set security nat destination rule-set DNAT_RULE rule rule1 match destination-port 3333
> > set security nat destination rule-set DNAT_RULE rule rule1 then destination-nat pool DNAT_POOL
> >
> > set security policies from-zone untrust to-zone trust policy DNAT_POLICY match source-address any
> > set security policies from-zone untrust to-zone trust policy DNAT_POLICY match destination-address SERVER
> > set security policies from-zone untrust to-zone trust policy DNAT_POLICY match application TELNET_DNAT
> > set security policies from-zone untrust to-zone trust policy DNAT_POLICY then permit
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
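Editor's note (added example, not posted by either participant): the configuration in the original post has the two addresses swapped. The destination NAT rule must match what arrives from the Internet (the public address y.y.y.y on port 3333) and the pool must point at where the packet should go (the real server x.x.x.x on port 23). Because the SRX performs destination NAT before the route and policy lookups, the security policy sees the translated packet, so its address-book entry must hold x.x.x.x and its application must match the translated port 23 (the predefined junos-telnet application), not a custom port-3333 application. The interface name ge-0/0/0.0 below is an assumption for illustration; the proxy-arp line is only needed when y.y.y.y is not itself an address configured on the untrust interface.

```junos
## Added example, not from the thread: corrected SRX destination NAT
## (port forwarding) for the scenario in the post.
## Assumed: x.x.x.x = real server address in zone trust,
##          y.y.y.y = public address, ge-0/0/0.0 = untrust interface (hypothetical).

## The address the policy references is the REAL server address:
## policy lookup happens after destination NAT has rewritten the packet.
set security zones security-zone trust address-book address SERVER x.x.x.x/32

## Pool = translated destination: real IP and real port.
set security nat destination pool DNAT_POOL address x.x.x.x/32
set security nat destination pool DNAT_POOL address port 23

## Rule = what the untrust side actually receives: public IP and public port.
set security nat destination rule-set DNAT_RULE from zone untrust
set security nat destination rule-set DNAT_RULE rule rule1 match destination-address y.y.y.y/32
set security nat destination rule-set DNAT_RULE rule rule1 match destination-port 3333
set security nat destination rule-set DNAT_RULE rule rule1 then destination-nat pool DNAT_POOL

## Only when y.y.y.y is not configured on the untrust interface itself:
## without this the SRX never answers ARP for it and nothing arrives to be translated.
set security nat proxy-arp interface ge-0/0/0.0 address y.y.y.y/32

## Policy matches the post-NAT destination (x.x.x.x, tcp/23), so use the
## predefined telnet application rather than one keyed on port 3333.
set security policies from-zone untrust to-zone trust policy DNAT_POLICY match source-address any
set security policies from-zone untrust to-zone trust policy DNAT_POLICY match destination-address SERVER
set security policies from-zone untrust to-zone trust policy DNAT_POLICY match application junos-telnet
set security policies from-zone untrust to-zone trust policy DNAT_POLICY then permit
```

To confirm the translation is being applied, check the hit counter with "show security nat destination rule all" and look at an active session with "show security flow session": the In wing should show the client connecting to y.y.y.y/3333 and the Out wing should show x.x.x.x/23 replying. If the counter stays at zero, the packet is not reaching the rule (wrong from-zone, or y.y.y.y not reachable because proxy-arp is missing); if it increments but the session is denied, the policy is still matching the pre-NAT address or port. Since telnet is cleartext and source-address any exposes the service to the whole Internet, restrict source-address to the hosts that actually need it before putting this into production.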

