[j-nsp] SRX FBF issue

Yuriy B. Borysov yokodzun at yokodzun.kiev.ua
Fri Jun 5 12:11:16 EDT 2015


Hello!

I've got a strange problem with Filter Based Forwarding on an SRX 220.

I have two uplinks:

show configuration interfaces ge-0/0/0.14 
description uplink1;
vlan-id 14;
family inet {
    mtu 1500;
    address x.x.x.82/29;
    address x.x.x.85/29;
    address x.x.x.86/29;
}

show configuration interfaces ge-0/0/0.18    
description uplink2;
vlan-id 18;
family inet {
    mtu 1500;
    address y.y.y.114/28;
    address y.y.y.117/28;
}


The default route is on ge-0/0/0.14 (x.x.x.81).

I configured destination NAT on y.y.y.114:
show security nat destination rule-set port-redirect rule test
match {
    destination-address y.y.y.y/32;
    destination-port 2555;
}
then {
    destination-nat pool test;
}



I run telnet y.y.y.114 2555 and see a strange picture:

run show security flow session destination-port 2555    
Session ID: 133327, Policy name: untrust-to-trust/11, Timeout: 14, Valid
  In: 213.160.143.26/21722 --> y.y.y.114/2555;tcp, ****If: ge-0/0/0.14****, Pkts: 2, Bytes: 120
  Out: 10.100.0.252/25 --> 213.160.143.26/21722;tcp, If: ge-0/0/0.100, Pkts: 3, Bytes: 180
Total sessions: 1


Why is the inbound interface ge-0/0/0.14 and not ge-0/0/0.18?

Thanks!



-- 
WBR, Yuriy B. Borysov
YOKO-UANIC | YOKO-RIPE	