Hello,
I have my first device with Junos, a J2350, and I am trying to learn about it.
I already created BGP (up and running), secured my management access, and could get data from SNMP.
I can traceroute (from Windows OS) and ping my device from any IP address, but if I try traceroute from my J2350 I get:
user@device> traceroute www.sony.com
traceroute to www.sony.com (64.37.182.61), 30 hops max, 40 byte packets
1 rev-1-1-1-1.my.net (1.1.1.1) 2.592 ms 4.148 ms 3.236 ms - # this is the IP of my BGP neighbor
2 * * *
As I understand, I can resolve names, but I cannot traceroute to my DNS servers.
My interfaces:
user@device# show interfaces
ge-0/0/0 {
    vlan-tagging;
    unit 0 {
        vlan-id yyy;
        family inet {
            filter {
                input protect-bgp;
            }
            address 1.1.1.2/30;
        }
    }
    unit 2 {
        description mngm;
        vlan-id xxx;
        family inet {
            address 192.168.x.x/24;
        }
    }
}
lo0 {
    unit 0 {
        family inet {
            filter {
                input protect-lo;
            }
        }
    }
}
My firewall:
user@device# show firewall
family inet {
    filter protect-lo {
        term managment {
            from {
                source-prefix-list {
                    mgmt-ip;
                }
                destination-port [ 22 23 80 443 ];
            }
            then {
                log;
                accept;
            }
        }
        term allow-rest {
            then accept;
        }
    }
    filter protect-bgp {
        term bgp-peer {
            from {
                prefix-list {
                    bgp-peer-ip;
                }
            }
            then {
                log;
                accept;
            }
        }
        term bgp-peer-deny-rest {
            from {
                destination-port 179;
            }
            then {
                log;
                discard;
            }
        }
        term allow-icmp {
            from {
                icmp-type [ echo-reply echo-request ];
            }
            then {
                log;
                accept;
            }
        }
    }
}
I already changed my security zone, but it did not help:
user@device> show configuration security zones security-zone bgp-peer-network
screen bgp-peer-screen;
host-inbound-traffic {
    system-services {
        all;
    }
    protocols {
        all;
    }
}
interfaces {
    ge-0/0/0.0;
}
What is wrong in my configuration?
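
Added example, not part of the original post: a small Python model of how a Junos firewall filter is evaluated (the first matching term decides, and a packet that matches no term is discarded), run over the posted protect-bgp terms with constructed packets arriving on ge-0/0/0.0. Assumptions: prefix-list bgp-peer-ip, which the post does not show, contains only 1.1.1.1; the hop-2 and outside source addresses are constructed.

```python
"""Model of first-match evaluation for the post's protect-bgp input filter."""
import ipaddress

# Assumption: the post does not show prefix-list bgp-peer-ip; modelled as the peer only.
BGP_PEER_IP = [ipaddress.ip_network("1.1.1.1/32")]

def in_list(addr, nets):
    return any(ipaddress.ip_address(addr) in n for n in nets)

# Terms in configured order: (name, match predicate, action).
# The model only checks a field on packets that carry it.
PROTECT_BGP = [
    # "prefix-list" matches on source OR destination address.
    ("bgp-peer",
     lambda p: in_list(p["src"], BGP_PEER_IP) or in_list(p["dst"], BGP_PEER_IP),
     "accept"),
    ("bgp-peer-deny-rest", lambda p: p.get("dport") == 179, "discard"),
    ("allow-icmp",
     lambda p: p.get("icmp_type") in ("echo-request", "echo-reply"),
     "accept"),
]

def evaluate(packet, terms=PROTECT_BGP):
    """Return (term, action) for the first matching term."""
    for name, match, action in terms:
        if match(packet):
            return name, action
    # No term matched: Junos filters end with an implicit discard.
    return "implicit-default", "discard"

# Constructed packets arriving on ge-0/0/0.0 (1.1.1.2).
SAMPLES = {
    "hop1 time-exceeded": {"src": "1.1.1.1", "dst": "1.1.1.2", "icmp_type": "time-exceeded"},
    "hop2 time-exceeded": {"src": "203.0.113.1", "dst": "1.1.1.2", "icmp_type": "time-exceeded"},
    "target port-unreachable": {"src": "64.37.182.61", "dst": "1.1.1.2", "icmp_type": "unreachable"},
    "ping from outside": {"src": "198.51.100.7", "dst": "1.1.1.2", "icmp_type": "echo-request"},
    "BGP from stranger": {"src": "198.51.100.7", "dst": "1.1.1.2", "dport": 179},
}

def report():
    return {label: evaluate(pkt) for label, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, (term, action) in report().items():
        print(f"{label:24} -> {action:8} ({term})")
```

In this model the time-exceeded reply from the second hop matches no term and falls to the implicit discard, which is consistent with the `* * *` in the posted traceroute, while the reply from 1.1.1.1 is accepted by term bgp-peer.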