Shulou(Shulou.com)06/01 Report--

Juniper (JUNOS) establishes NAT port mapping

1. Introduction to NAT configuration interface:

Rule Name: name the NAT (does not affect the configuration)

Source Address: the restriction on the source address (can be left empty, but can be set at Policy if you want to restrict it).

Deatination Address & Port: public network address, corresponding public network address port.

Actions: setting the behavior of NAT

2. Configuration mode

1. Configure NAT

①, configure NAT internal terminal mapping port.

Select NAT-Deastination NAT-Deastination NAT Pool-add

Set the name of the Pool, as well as the internal terminal IP, the port that needs to be released.

Return to Destination Rule Set and configure the NAT mapping.

Establish the NAT mapping in the TEST rule and select the Add in the lower right corner

① enter Rule Name (does not affect configuration)

The public network address corresponding to ② and the public network port that has been mapped.

③ select Do Destination NAT With Pool on the right, and select the previously established Deastination NAT Pool

2. So far, the NAT has been configured, but you still need to configure Policy to allow the external terminal to access successfully.

①, add address book, path selection Security----Policy Elements----Address Book-, click Add in the upper right corner

②, add service port

Path selection: Security----Policy Elements----Applications-, click Add in the upper right corner.

③, set Policy

Path selection: Security----Policy-Apply Policy, select the application area of Policy (Unrust to DMZ), and select Add

Fill in the Policy name (does not affect configuration)

Select Policy Action (permit allow, deny Block, reject)

Select the area to be applied, usually untrust to DNZ

Choose which external addresses are affected by Policy (Source Address), and generally choose Any, which means that all addresses are affected by this Policy.

Select the internal host (Destination Address). In this step, you need to set up the previous Address Book and select the Address Book with that name.

Select the corresponding service (Applications). In this step, you need to set the previous Applications. But it is worth noting that it is set according to the services provided by the internal host, for example, port 22 of internal host An is mapped to port 1880 of the external network, so port 22 instead of port 1880 is selected here.

Third, commit is required after the configuration is completed.

This is one of the unique features of JUNOS to avoid misconfiguration that prevents the system from functioning properly.

Configred shared

Commit confirm 10 (trial run for 10 minutes, automatic rollback)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.