## Last changed: 2011-05-18 00:16:27 UTC version 10.2R3.10; system { host-name a; root-authentication { encrypted-password "$1$Jvdz2525233Q/VF$Q6557^&&&566sQYsdvv234554qT3FRWYjWc9zW$$na9."; ## SECRET-DATA } name-server { 4.2.2.2; 4.2.2.1; } } interfaces { ge-0/0/0 { unit 0 { family inet { address 10.212.197.105/24; } } } ge-0/0/1 { unit 0 { family inet { filter { input f1; } address 10.0.0.1/24; } } } ge-0/0/3 { unit 0 { family inet { address 192.168.0.1/24; } } } st0 { unit 0 { family inet; } } } routing-options { interface-routes { rib-group inet import; } static { route 0.0.0.0/0 next-hop [ 10.212.197.106 10.0.0.20 ]; } rib-groups { import { import-rib [ inet.0 r1.inet.0 ]; } } } security { nat { destination { pool pool1 { address 192.168.0.20/32; } rule-set test { from routing-instance r1; rule 1 { match { destination-address 10.0.0.3/32; } then { destination-nat pool pool1; } } } } proxy-arp { interface ge-0/0/1.0 { address { 10.0.0.3/32; } } } } zones { security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { ge-0/0/0.0; ge-0/0/3.0 { host-inbound-traffic { system-services { all; } } } } } security-zone untrust { interfaces { ge-0/0/1.0 { host-inbound-traffic { system-services { all; } protocols { all; } } } } } } policies { default-policy { permit-all; } } } firewall { filter f1 { term term0 { from { source-address { 10.0.0.20/32; } } then accept; } term term1 { from { protocol icmp; } then { routing-instance r1; } } } } routing-instances { r1 { instance-type virtual-router; interface st0.0; routing-options { static { route 0.0.0.0/0 next-hop 192.168.1.20; } } } } [edit] root@a#